Management method and system for managing replication by taking into account cluster

ABSTRACT

A management system, which manages a host computer and a storage system, holds cluster information, specifies an active-state host computer and an inactive-state host computer based on a backup instruction specifying a virtual host identifier, determines the need for executing a replication for disaster recovery use, and when necessary, executes this replication for disaster recovery use in combination with a replication for backup use.

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS

Japan Priority Application 2009-223617 filed Sep. 29, 2009 including the specification, drawings, claims and abstract, is incorporated herein by reference in its entirety. This application is a Continuation of U.S. application Ser. No. 12/687,770, filed Jan. 14, 2010, incorporated herein by reference in its entirety.

BACKGROUND

The present invention generally relates to a backup and recovery using a storage system in a cluster environment.

The introduction of globalization and online business operations in recent years has made it preferable for corporate information systems to operate continuously 24-hours-a-day, 365-days-a-year. As a technology for achieving this, there is clustering technology. In general, clustering technology makes the resources of an information system, such as a server and storage system, redundant, and increases availability so that even when a failure occurs in one portion of the information system, it is possible to continue carrying out tasks on this information system by using the resources that have not been affected by the failure. Clustering technology comprises a local cluster that shares data in common, and a remote cluster, which replicates data and holds the data redundantly in different apparatuses. As a result of redundancy, clustering technology comprises a plurality of the same resources in each information system. This increase in resources is a problem since it consequently makes a user do complex settings. With respect to this problem, for example, the prior art of US Patent Publication No. 2004/0181707 (hereinafter referred to as Patent Literature 1) makes it possible to set a replication (explained below) that makes the contents of data in a plurality of storage systems match by specifying a cluster-targeted server in a remote cluster environment in which both servers and storage systems adopt a redundant configuration.

Alternatively, a corporate information system implements a backup in preparation for the destruction and loss of data resulting from an operational error or equipment failure. A backup refers to the replication of data that is utilized in the corporate information system. Since data replication places a huge work load on a computer, replication technology is used to reduce this load. As replication technology prior art, there is US Patent Publication No. 2009/0055613 (hereinafter referred to as Patent Literature 2). In Patent Literature 2, the computer does not replicate the data, and instead the storage system replicates data that is in a storage area of this storage system to another storage area.

SUMMARY

The thinking here is to realize a backup in a corporate information system that utilizes either local or remote clustering technology without compelling the user to make a complex setting. The Patent Literature 1 does not satisfy the above as it does not have a disclosure related to a backup. Since the Patent Literature 2 does not have a disclosure related to simplifying replication technology settings, it is not able to satisfy the above even when combined with the Patent Literature 1. Furthermore, the Patent Literature 1 only makes a disclosure related to remote clustering, and does not describe a local cluster that does not make the storage system redundant.

As described above, the prior art is not able to solve the above-mentioned problem.

An object of the present invention is to provide a system that is able to perform a backup in a corporate information system that utilizes either local or remote clustering technology without compelling the user to make a complex setting.

A management system, which manages a host computer and a storage system, holds cluster information, identifies an active-state host computer and an inactive-state host computer based on a backup instruction that specifies a virtual host identifier, determines the need for the execution of a replication for disaster recovery use, and in a case where such a need exists, executes this disaster recovery replication in combination with a replication for backup use.

It is possible to achieve a backup in a computer system that utilizes either local or remote clustering technology without compelling the user to make a complex setting.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram related to the configuration of a computer system;

FIG. 2 is a detailed diagram of a storage subsystem 1000;

FIG. 3 is a detailed diagram of a management computer 10;

FIG. 4 is a detailed diagram of a host computer;

FIGS. 5-1 and 5-2 show a backup configuration in a local cluster system;

FIGS. 6-1 and 6-2 show a backup configuration in a remote cluster system;

FIG. 7 shows an example of the configuration of management-side storage information 114C stored in the management computer 10;

FIG. 8 shows an example of the configuration of management-side replication information 113C stored in the management computer 10;

FIG. 9 shows an example of the configuration of management-side backup information 18 stored in the management computer 10;

FIG. 10 shows an example of the configuration of management-side catalog information 14 stored in the management computer 10;

FIG. 11 shows an example of the configuration of management-side site catalog information 15 stored in the management computer 10;

FIG. 12 shows an example of the configuration of management-side AP-volume correspondence information 13 stored in the management computer 10;

FIG. 13 shows an example of the configuration of management-side cluster configuration information 19 stored in the management computer 10;

FIG. 14 shows an example of the configuration of storage-side replication information 1210 stored in the storage subsystem 1000 of a first embodiment of the present invention;

FIG. 15 shows an example of the configuration of storage-side volume management information 1250 stored in the storage subsystem 1000 of the first embodiment of the present invention;

FIG. 16 is the flow of processing by which the management computer 10 creates management-side storage information 114C related to the storage subsystem 1000;

FIG. 17 is the flow of processing by which the management computer 10 creates the management-side cluster configuration information 19 using the cluster system management information;

FIG. 18 is an example of a screen by which the management computer 10acquires cluster system configuration information;

FIG. 19 is the flow of processing by which the management computer 10 creates the management-side AP-volume correspondence information 13 for correspondingly managing an AP running on the host computer 200 and the volume that this AP uses;

FIG. 20 is an example of a screen for acquiring backup-target application information;

FIG. 21 is the flow of processing by which the management computer 10 creates the management-side backup information 18, the management-side catalog information 14, and the management-side site catalog information 15 required for a backup;

FIG. 22 is an example of a screen for acquiring information regarding data that a backup-target application will use;

FIG. 23 is an example of a screen for acquiring information regarding detailed data that the backup-target application will use;

FIG. 24 is an example of a screen for acquiring backup schedule information;

FIG. 25 is a process by which the management computer 10 establishes a replication configuration;

FIG. 26 is the flow of processing for a backup process by the management computer 10;

FIG. 27 is the flow of processing for a restore process by the management computer 10;

FIG. 28 shows an example of an input screen of the restore process;

FIG. 29 is an example of an input screen for deciding the detailed data of the restore process;

FIG. 30 shows the flow of processing for an inactive-state host computer 200 to take over a backup process subsequent to an active-state host computer 200 having experienced a failure;

FIG. 31 is a post-failover restore process for a failed host 200 a;

FIG. 32 is a flow for determining whether or not data that the failed host 200 a backed up prior to the failure will be used as the restore-target data;

FIG. 33 is a flow related to processing for transferring data that the failed host 200 a acquired prior to failure to a logical volume targeted for a restore using replication control;

FIG. 34 is a schematic diagram related to a replication process for data that the failed host 200 a created subsequent to the failure;

FIG. 35 is the flow of processing for starting a replication executed in accordance with the primary and secondary storage subsystems 1000;

FIG. 36 is a flowchart showing an example of a regular copy process executed by the storage subsystems 1000; and

FIG. 37 is a data transfer request created by the storage subsystem 1000 during the implementation of a remote replication.

DETAILED DESCRIPTION OF THE EMBODIMENT

The embodiment of the present invention will be explained below by referring to the drawings.

In the following explanation, the information of the present invention will be explained using expressions such as “xxx table”, “xxx list”, “xxx DB” or “xxx queue”, but this information may be expressed using data structures other than the table, list, DB or queue. For this reason, in order to show that the information is not dependent on the data structure, the information may be called “xxx information” with respect to the “xxx table”, the “xxx list”, the “xxx DB” and the “xxx queue”.

Further, when explaining the contents of the respective information, expressions such as “identification information”, “identifier”, “name”, “ID”, and “number” will be used, but since these expressions are not limited to physical entities, such as an apparatus or component, but rather are allocated for distinguishing between logical entities as well, these expressions are interchangeable.

In the following explanation, there may be instances when “program” is used as the subject of an explanation, but since a prescribed process is carried out by executing a program in accordance with the processor while using a memory and interface, the explanation may also use the processor as the subject. Further, a process that is disclosed having the program as the subject may be a process performed by a storage subsystem, a computer, such as a management server, and an information processing apparatus. Either all or a portion of the programs may be realized using dedicated hardware. The same holds true for the storage subsystem, and a process that is disclosed having the program as the subject may be a process that either a storage control apparatus or a storage system perform.

Further, various types of programs may be installed in the respective computers using a program delivery server or storage media.

Embodiment 1

(1-1) System Configuration

FIG. 1 is an example of a block diagram related to the configuration of a computer system of a first embodiment of the present invention.

The configuration is such that the computer system is divided into a primary site and a remote site where storage subsystems 1000 are provided, and the storage subsystem 1000 at each site is coupled to either one, two or more host computers 200. The host computer 200 is coupled to a client computer 250. A management computer 10 is coupled by way of a control line to the host computers 200 at the respective sites. Furthermore, in FIG. 1, the respective elements, i.e. the management computer, the host computer, and the storage subsystem, are divided up by site, and have been assigned the respective symbols a and b, but in a case where a particular symbol has not been appended in the specification, it will be assumed to be an explanation of contents shared in common. Further, any number of host computers 200 and storage subsystems 1000 may be provided.

The host computer 200 and storage subsystem 1000 are coupled together via a data communication line 500.

Further, the data communication line 500 may be configured from one or more networks. In addition, the data communication line 500 may be either the data communication line 500 and the control line 55, or a communication line or network that is common to both.

FIG. 3 shows the details of the management computer 10. The management computer 10 comprises a memory 40, a processor 20, and a management port 30. The memory 40, the processor 20 and the management port 30 are coupled together via an internal network (not shown in the drawing). Furthermore, the management computer 10 may be coupled to the host computer 200 and the storage subsystem 100 using a port other than the management port. Further, the memory 40 may be either a semiconductor memory and/or a disk device, or a combination of these. The memories of the host computer and the storage subsystem, which will be explained below, may also be either semiconductor memories and/or disk devices, or a combination of these.

The processor 20 performs a variety of processes in accordance with executing a program stored in the memory 40. For example, the processor 20 controls the host computer 200 by issuing the host computer 200 a backup control instruction.

The memory 40 stores a program that is executed by the processor 20, and information that the processor 20 requires. Specifically, the memory 40 stores a management program 12, management-side AP-volume correspondence information 13, management-side catalog information 14, management-side replication information 113C, management-side storage information 114C, management-side backup information 18, management-side cluster configuration information 19, and management-side site catalog information 15. The memory 40 also stores an AP program (hereinafter AP) 16 and an OS (Operating System) 17. The AP 16 is an application program for realizing various processing. For example, the AP 16 provides either a database function, a mail server function, or a WEB server function. The OS 17 is the program that controls the overall processing of the management computer 10.

The management program 12 is for centrally managing the storage subsystems 1000 and the host computers 200 at the plurality of sites (in the case of FIG. 1, the primary site and the remote site) via the control line 55.

The management-side AP-volume correspondence information 13 is for managing the host computers that are respectively located at the two sites (the primary site and the remote site), and the AP 211 running on these host computers. Furthermore, the AP-volume correspondence information 13 will be explained in detail using FIG. 12. The management-side catalog information 14 is for holding information related to data that has been backed up. The management-side catalog information 14 will be explained in detail using FIG. 10. The management-side site catalog information 15 is related to the backup data and the backup time. The management-side site catalog information 15 will be explained in detail using FIG. 11.

The management-side backup information 18 is for holding information required for a backup. The management-side backup information 18 will be explained in detail using FIG. 9.

The management-side cluster configuration information 19 is for managing the configuration of the cluster system. The management-side cluster configuration information 19 will be explained in detail using FIG. 13.

The replication information 113C is for managing the configuration and status of a replication. The replication information 113C is explained in detail using FIG. 8.

The management-side storage information 114C is management information related to the storage subsystem 1000 managed by this management computer 10. The management-side storage information 114C creates one table for one storage subsystem 1000. The management-side storage information 114C will be explained in detail using FIG. 7.

The management port 30 is an interface that is coupled to the host computer 200 via the control line 55. The control line 55 may be configured from one or more networks. In addition, the control line 55 may be either the data communication line 550 and the data communication line 500, or a communication line or a network that is common to both. Further, the management computer 10 comprises an input/output device. A display, a keyboard, and a pointer device are possible examples of the input-output device, but a device other than these may also be used. Further, instead of an input/output device, a serial interface or an Ethernet interface may be used as an input/output device, and this interface may be coupled to a display computer comprising a display, or a keyboard, or a pointer device, and may substitute for the input and display of the input-output device by sending display information to the display computer and receiving input information from the display computer, and by carrying out a display on the display computer and receiving an input.

Below, an aggregation of one or more computers, which manages the computer system and displays the display information of the present invention, may be called a management system. In a case where the management computer displays the display information, the management computer is a management system, and a combination of the management computer and the display computer is also a management system. Further, to increase the speed and enhance the reliability of management processing, the same processing as that of the management computer may be realized using a plurality of computers, and in accordance with this, this plurality of computers (including the display computer in a case where the display computer performs the display) is a management system.

FIG. 4 shows the details of the host computer 200. The host computer 200 comprises a memory 210, a processor 220, a management port 240 and a data port 230.

The memory 210, the processor 220 and the data port 230 are coupled together via an internal network (not shown in the drawing).

The processor 220 realizes various processing by executing a program stored in the memory 210. For example, the processor 220 accesses one or more logical volumes (hereinafter, may simply be called a volume) Vol provided by the storage subsystem 1000 by sending an I/O request to this storage subsystem 1000.

The memory 210 stores a program that is executed by the processor 220, and information that the processor 220 requires. Specifically, the memory 210 stores an AP 211, an OS 212, a backup program 213, a cluster program 214, management-side site catalog information 15L, management-side backup information 18L, management-side replication information 113L, and a scheduler 217.

The AP 211 realizes various processing. AP is the abbreviation for Application Program. The AP 211 provides either a database function or a WEB server function. The OS 212 is the program that controls the overall processing of the host computer 200. The backup program 213 receives an instruction from the management computer, and implements processing in accordance with this instruction. The cluster program 214 implements cluster processing, which is explained below. The scheduler 217 is a program for executing a predetermined program at a predetermined time. In this embodiment, the scheduler 217 is disclosed as an independent program, but it may be one function of the OS 212.

The management-side site catalog information 15L relates to the backup data and backup time, and is a replication of the information by the same name held by the management computer 10. A detailed explanation of the management-side site catalog information 15L will be omitted since it is the same as the management-side site catalog information 15 of the management computer 10. In this specification, this information is described by appending an L at the end to distinguish it from the information of the same name in the management computer 10.

The management-side backup information 18L is for holding information required for a backup, and is a replication of the information of the same name held in the management computer 10. A detailed explanation of the management-side backup information 18L will be omitted since it is the same as the management-side backup information 18 of the management computer 10. In this specification, this information is described by appending an L at the end to distinguish it from the information of the same name in the management computer 10.

The management-side replication information 113L is for managing the configuration and status of a replication, and is a replication of the information of the same name held in the management computer 10. A detailed explanation of the management-side replication information 113L will be omitted since it is the same as the management-side replication information 114C of the management computer 10. In this specification, this information is described by appending an L at the end to distinguish it from the information of the same name in the management computer 10.

The data port 230 is an interface that is coupled to the storage subsystem 1000 via the data communication line 500. Specifically, the data port 230 sends an I/O request to the storage subsystem 1000.

The management port 240 is an interface that is coupled to the management computer 10 via the control line 55. Specifically, the management port 240 sends a control instruction to the management computer 10.

The host computer 200 may also comprise an input/output device. A display, a keyboard, and a pointer device are possible examples of the input-output device, but a device other than these may also be used. Further, instead of an input/output device, a serial interface or an Ethernet interface may be used as an input/output device, and this interface may be coupled to a display computer comprising a display, or a keyboard, or a pointer device, and may substitute for the input and display of the input-output device by sending display information to the display computer and receiving input information from the display computer, and by carrying out a display on the display computer and receiving an input. Further, the input/output devices of the host computer 200 and the management computer 10 do not have to be the same.

Next, the storage subsystem 1000 will be explained using FIG. 2.

The storage subsystem 1000 a and the storage subsystem 1000 b are coupled together via the data communication line 550. Further, the storage subsystem 1000 comprises a storage control apparatus 300 and a disk device 1500.

Furthermore, the data communication line 550 may be configured from one or more networks. In addition, the data communication line 550 may be either the data communication line 500 and the control line 55, or a communication line or network that is common to both.

The disk device 1500 is a disk-type storage media drive, and stores data that is read-requested from the host computer 200. Instead of the disk device 1500, another type of storage device (for example, a flash memory drive) may be used. The storage control apparatus 300 controls the entire storage subsystem 1000. Specifically, the storage control apparatus 300 controls the writing of data to the disk device 1500 and the reading of data from the disk device 1500. Further, the storage control apparatus 300 provides a storage area of the disk device 1500 to the host computer 200 as one or more logical volumes Vol. There may be a plurality of disk devices 1500.

The storage control apparatus 300 comprises a memory 1200, a cache memory 1100 (may be shared with the memory 1200), a storage port 1320, a management port 1330, and a processor 1310. Furthermore, in packaging the storage control apparatus 300, one or more of each of the above-mentioned hardware components (for example, the storage port 1320, the management port 1330, and the processor 1310) may reside on one or more circuit boards. For example, from the standpoints of enhancing reliability and improving performance, the storage control apparatus 300 may be made up of a plurality of units and each storage control apparatus 300 may comprise a memory 1200, a storage port 1320, and a processor 1310, and, in addition, may be a hardware configuration in which a cache memory 1100 is coupled to a plurality of control units. Furthermore, although not shown in the drawing, the storage control apparatus 300 comprises one or more backend ports, and the backend port is coupled to the disk device 1500. However, the storage control apparatus 300 may be coupled to the disk device 1500 in accordance with hardware other than the backend port.

The cache memory 1100 temporarily stores data to be written to the disk device 1500 and data that has been read from the disk device 1500.

The storage port 1320 is an interface that is coupled to the host computer 200 via the data communication line 500, and coupled to the other storage subsystem 1000 via the data communication line 550. Specifically, the storage port 1320 receives an I/O request from the host computer 200. Further, the storage port 1320 returns data read from the disk device 1500 to the host computer 200. In addition, the storage port 1320 sends and receives data that is exchanged between the storage subsystems 1000.

The management port 1330 is an interface that is coupled to the management computer 10 via the control line 55. Specifically, the management port 1330 receives a control instruction from the management computer 10. There are two types of control instructions here, i.e., a storage control instruction and a backup control instruction. The storage control instruction comprises a storage information report, a replication establishment instruction, a replication temporary suspend instruction, a resume replication instruction, a reverse replication instruction, and a replication status report instruction. The backup control instruction is an instruction for the backup program on the host computer 200. The backup control instruction comprises a volume information report instruction, an AP configuration information report, a backup status report, a register scheduler instruction, a refresh instruction, a register task scheduler instruction, a restore instruction, and a compound restore instruction.

The processor 1310 carries out a variety of processes in accordance with executing a program stored in the memory 1200. Specifically, the processor 1310 processes an I/O request received via the storage port 1320. The processor 1310 also controls the writing of data to the disk device 1500 and the reading of data from the disk device 1500. The processor 1310 sets a logical volume Vol based on the storage area of one or more disk devices 1500 in accordance with processing a program, which will be described below.

A program that is executed by the processor 1310 and information that is required by the processor 1310 is stored in the memory 1200. Specifically, the memory 1200 stores storage-side replication pair information 1210, a storage-side replication processing program 1230, volume information 1250, and an I/O processing program 1290.

The I/O processing program 1290 processes either a read request or a write request received from the host computer via the storage port. An overview of this processing is as follows:

In the case of a read request: This request specifies a logical volume, an address inside the logical volume, and a read length, and the I/O processing program 1290 reads the data from either the cache memory 1100 or the disk device 1500 in accordance with the specified content and sends this data to the host computer.

In the case of a write request: This request specifies a logical volume, an address inside the logical volume, and a write data length, and is associated with write data. The I/O processing program, after temporarily storing the write data in the cache memory 1100, writes the write data to the disk device corresponding to the specified content.

The hardware configuration of the storage subsystem 1000 has been described above, but the storage subsystem 1000 a and the storage subsystem 1000 b do not necessarily have to have the same hardware configuration.

Next, the programs and information stored in the memory 1200 will be explained.

The storage-side replication pair information 1210 is for managing a replication pair. The replication pair is a pair of two logical volumes Vol on the storage subsystem 1000 that is the target of a replication. The storage-side replication pair information 1210 will be explained in detail using FIG. 11.

The storage-side replication processing program 1230 carries out replication processing (an initial replication and regular replication). The replication process will be explained in detail using FIGS. 35 and 36.

The storage-side volume information 1250 is for managing the logical volume Vol that is provided in accordance with this storage subsystem 1000. The storage-side volume information 1250 will be explained in detail using FIG. 15.

According to the configuration explained hereinabove, write data sent from the host computers 200 a, 200 b, 200 c, 200 d is stored in a logical volume Vol of the primary site storage subsystem 1000 a (the primary storage subsystem). In a case where the computer system is a remote cluster, the write data stored in the logical volume Vol is transferred to the storage subsystem 1000 b (the secondary storage subsystem) of the remote site in accordance with either a synchronous replication or an asynchronous replication by the primary storage subsystem, and the transferred write data is stored in a logical volume Vol of the secondary storage subsystem. In accordance with this, the data, which is the data of the logical volume Vol of the primary storage subsystem and which is the target of data duplication, can be made redundant, as a result of which, even in a case where the data of the logical volume Vol of the primary storage subsystem is lost, either host computer 200 b or 200 d is able to resume the prescribed processing using the replicated data stored in the logical volume Vol of the secondary storage subsystem.

(1-2) Overview of First Embodiment

Next, an overview of the first embodiment will be explained.Furthermore, the lack of an explanation for an item in this overviewdoes not signify a waiver of rights with respect to this item.

First, a backup in a computer system that uses a local cluster (called alocal cluster system hereinafter) in accordance with the presentinvention will be explained. FIG. 5 shows the configuration for a backupin the local cluster system. FIG. 5-1 is the configuration of the localcluster system in the normal state. In the local cluster, a plurality ofhost computers located at the same site share the logical volume Vol ofthe same storage subsystem. Sharing the logical volume is not limited tothe above-mentioned plurality of host computers using this logicalvolume simultaneously, but does at a minimum signify that this pluralityof host computers sends access requests specifying this logical volume.An access request comprises a read request and a write request.

In the local cluster system, the one of the host computers 200 a and 200c is in the active state and the other is in the inactive state. Theactive-state host computer operates on at the least one or moreapplication programs, which are running on this host computer, andprovides an application program service to a client computer. Below, anapplication program targeted for control by the cluster system will becalled a cluster-target application, and will be described simply as APin the specification. Alternatively, the inactive-state host computerneither runs the cluster-target AP nor provides a service in accordancewith the target AP to a client computer. The above-mentioned two hostcomputers each monitor the status of the other host computer inpreparation for a hardware or logical failure. Further, a backup isrealized by the active-state host computer using a replication to copyand store data of a specified time created by the computer itself in thestorage subsystem.

The reason the active-state host computer issues an instruction for a backup operation here is because it is necessary for quiescing the AP (a procedure for suspending the operation of the AP for a short period of time so that the AP is able to recover the data of the backup-targeted logical volume) and for completing the local replication control for the local replication in a short period of time. In a case where the steps for the above-mentioned backup are not able to be completed in a short period of time, the so-called backup window (the time during which the AP is suspended for backup) increases and the AP performance deteriorates dramatically, giving rise to problems.

A case in which the active-state host computer 200 a malfunctions for one reason or another will be considered here. In this case, as shown in FIG. 5-2, the cluster of the inactive-state host computer 200 c detects that a failure has occurred in the active-state host computer 200 a. Next, the inactive-state host computer 200 c boots up the AP in order to take over the operation of the AP, changes its state from the inactive-state to the active state, and changes its network settings such that access from the client computer is switched to this host computer address. This change of network settings comprises preparing a virtual host identifier, such as either a virtual IP address or a host-name IP, and in a case where the host computer, which is in the active state, has changed, switching the host computer that corresponds to the virtual host identifier from the host computer that was originally in the active state to the host computer that has newly transitioned to the active state.

Furthermore, in a case where the method for this correspondence is a virtual IP address, there is a method in which the correspondence with the MAC address of the host computer Ethernet port is switched in accordance with ARP. In the case of a correspondence method that uses a virtual host-name, there is a method in which a DNS is operated and switches the host-name to the host computing period. The following explanation will be premised on a system that switches the virtual IP address and virtual host-name before or after a failure. Furthermore, in the premised system, the host computer having a virtual address will be called the virtual host computer so that the computer with the virtual address will be recognized by the client computer rather than the host computer 200. However, the present invention is not limited to the presupposed system. Even a different system (for example, an address switching system in accordance with a DNS operation) is able to treat the address of a virtual host computer handled by the present invention as an address to be switched before or after a failure.

The switchover of AP operations between host computers as described above will be called a failover process here. There is a case where the failover process is triggered by a failure and a case where the failover process is triggered manually for test purposes. Further, a backup subsequent to the failover process is realized by the host computer 200 c that becomes active following the failover process using a local replication to copy and store data of a specified point in time of the logical volume that this computer accesses subsequent to failover. Further, since the data that has been backed up by the active-state host computer subsequent to the failure is stored on the storage subsystem, the management-side catalog information, which consolidates the data storage logical volume Vol at the time of the backup and the log thereof, is also switched over during the active-inactive host computing period as a result of the failover. To realize this, the management-side catalog information of the backup catalog is also stored in the logical volume Vol on the storage subsystem the same as the AP data, and shared during this host computing period.

Next, a backup in a computer system that uses a remote cluster (hereinafter called a remote cluster system) will be explained. FIG. 6 shows the backup configuration in a remote cluster system.

FIG. 6-1 is the configuration of the remote cluster system in a normal state. The remote cluster system is a cluster configuration for accessing data on a logical volume Vol of storage subsystems having different host computers at the primary site and remote site, respectively. To enable the AP to perform the same processing between the host computers of the primary site and the remote site, the storage subsystems at both sites use remote replication to make the content of the data of the logical volumes Vol identical. In the remote cluster system as well, one of the host computers 200 a and 200 b is in the active state and the other is in the inactive state. The active-state host computer operates one or more application programs (AP), which are running on this host computer, and provides an AP service to a client computer. A backup is realized by the active-state host computer 200 a using a storage subsystem local replication to copy and store data of a specified time created by the computer itself.

As shown in FIG. 6-2, in order to achieve AP switchover at failover, the inactive-state host computer 200 b boots up the AP and changes its status from the inactive state to the active state. Further, in order for the host computer 200 b to access the data on the remote-site storage subsystem, which differs from the primary-site storage subsystem on which post-failover backup data is stored, it is not possible for the host computer to use the data backed up on the same storage subsystem as in the local cluster. However, it is possible to use the backup data by combining and controlling a remote replication and a local replication between the storage subsystems. This process will be described below. The management-side catalog information, which takes into account the fact that the logical volume Vol that is the backup data storage destination will differ before and after the failover, must be managed in order to realize the failover-triggered switchover during the active-inactive host computing period. Furthermore, examples of causes of a failover in the remote cluster configuration are a failure of the host computer that was in the active state, and also the failure of the storage subsystem that was accessed by the host computer that was in the active state. The fact that the remote cluster configuration is able to deal with these failures makes it different from the local cluster configuration.

As is clear here from FIGS. 5 and 6, the replication setting and mode required in the system and in a backup will differ in each of the local cluster system and the remote cluster system. This embodiment facilitates the setting of a replication configuration that differs in the local cluster system and in the remote cluster system. Where this text simply says the cluster, without distinguishing between the local cluster and the remote cluster, it refers to the cluster in general without distinction between local and remote.

Furthermore, a replication for configuring a remote cluster and a replication for creating a backup in the present invention are analogous in that the data of the copy-source logical volume is replicated in the copy-destination logical volume, but they also differ in other respects. In the case of a replication for a remote cluster, the data of the copy-destination logical volume is made to resemble the data of the latest point in time of the copy-source logical volume as much as possible by either continuously or repeatedly carrying out data copy processing. In accordance with this, even in a case where the storage subsystem that provides the copy-source logical volume is damaged, it is possible to resume work by reducing to the extent possible the updated data that failed to be copied by using the copy-destination logical volume that has new data (or the same data as the copy-source logical volume) as much as possible. In a case where the copy-destination logical volume is used in an application like this (may be called disaster recovery use), typically one copy-destination logical volume corresponds to one copy-source logical volume. However, in a case where a replication is carried out to a plurality of storage apparatuses, called a multi-target system, there may be cases in which a plurality of logical volumes correspond to one copy-source logical volume.

Alternatively, in a case where a replication is utilized for backup use, the data of the copy-source logical volume of a prescribed point in time is created either physically or virtually in the copy-destination logical volume. In addition to using the backup data when recovering data that has been either lost or corrupted, the above-described replication is also able to cope with the type of failure that is communicated to the copy-destination logical volume by the copy process. An operational error or erroneous setting by the administrator, a virus infection, and a program malfunction are examples of this type of failure. More preferentially, the backup data is often used to create a plurality of generations.

Furthermore, in the case of backup use, there is also a technique called a logical snapshot for providing backup data virtually, and this technique may be employed as one means of creating backup data in this present invention. Further, in the case of backup use, the copy-source logical volume and the copy-destination logical volume need not exist in the same storage subsystem. In the explanations that follow, a replication for disaster recovery use will be called a remote replication, and a replication for backup use will be called a local replication to simplify the explanation.

Furthermore, in the following explanation, an AP executed on the host computer that is in the active state prior to a failover will be explained as corresponding to a single virtual host identifier. However, the correspondence between the AP and the virtual host identifier is not limited to this. For example, in a case where a plurality of APs are executed on the active-state host computer, a certain virtual host identifier may be allocated to a certain AP, and a different virtual host identifier may be allocated to another AP.

Furthermore, in the explanation that follows, “Replication” may be shortened to “REPLI”.

(1-3) Information Handled by the Computer System of This First Embodiment

(1-3-1) Management-Side Storage Information

FIG. 7 is a diagram showing an example of the configuration of the management-side storage information 114C stored in the management computer 10. Furthermore, the management-side storage information 114C is a table created based on information acquired from the storage subsystem 1000, and the creation process will be explained below.

The management-side storage information 114C is a table showing the corresponding relationship between a logical volume Vol (volume ID) recognized by the host computer 200, and a logical volume Vol (HW volume ID) allocated by the storage subsystem, and comprises a storage subsystem ID 11402, a logical volume ID 11403, and a HW logical volume ID 11404.

The storage subsystem ID 11402 is the identifier of the storage subsystem 1000 that is managed by the management computer 10.

The host ID 11405 is the identifier used for uniquely identifying the host computer 200 in the computer system. In the case of a cluster, a virtual host computer may be provided to the client computer out of consideration for client computer couplability. A host ID is set in this host ID 11405.

The logical volume ID 11403 is a logical volume Vol identifier for the host computer to identify a logical volume Vol inside the storage subsystem 1000. Information such as 23:10 is stored in FIG. 7.

The HW logical volume ID 11404 is the identifier of a logical volume Vol that the storage subsystem 1000 provides and manages inside its own storage subsystem for use in the internal processing of the storage subsystem 1000 denoted by the storage subsystem ID 11402. Information such as 23:10 is stored in FIG. 7.

In the above explanation, the management-side storage information 114C was explained as information comprising a table structure, but this information may also be a data structure other than a table as long as this data structure makes it possible to specify the storage subsystem 1000 of each site, and the volume of this storage subsystem 1000.

In addition, the above-mentioned management-side storage information that consolidates a plurality of management-side storage information 114C may also be any data structure as long as this data structure makes it possible to specify the storage subsystem corresponding to each site, and the volume of this storage subsystem.

(1-3-2) Management-Side Replication Information

FIG. 8 is a diagram showing an example of the configuration of the management-side replication information 113C stored in the management computer 10. Furthermore, the management-side replication information 113C is for managing a replication, and the management computer 10 uses this information to create two tables, i.e., a management-side storage information table 113A at the primary site and a management-side storage information table 113B at the remote site. This operation will be explained in detail below.

The management-side replication information 113C is a table that is created each time the management computer 10 establishes a replication, and a replication group ID (a replication group identifier) is assigned in this table for each request. The replication group is a set of a plurality of replication pairs.

The management-side replication information 113C comprises a replication group ID 11300, replication option information 11301, a replication status 11302, and replication configuration information 11303 to 11307.

The replication group ID 11300 is an identifier for managing a plurality of replication pairs by consolidating these pairs into a group.

The replication option information 11301 comprises a replication type and replication option information. The replication type is a function provided by the storage subsystem 1000. The replication type shows any of a local replication, a synchronous remote replication, or an asynchronous remote replication. For our purposes here, the replication type is broadly divided into the local replication and the remote replication. The remote replication is a replication carried out between different storage subsystems 1000, and in accordance with this, the replication source logical volume Vol (called the primary logical volume) and the replication destination logical volume Vol (called the secondary logical volume) exist separately in the storage subsystem 1000 a and the storage subsystem 1000 b.

The remote replication may also be either a synchronous remote replication or an asynchronous remote replication. The synchronous remote replication is a remote replication in which the timing of the replication process for making the contents of the primary logical volume and the secondary logical volume identical coincides with the writing of data by the host computer. The asynchronous remote replication is a remote replication in which the timing of the replication process for making the contents of the primary logical volume and the secondary logical volume identical does not coincide with the writing of data by the host computer. It is also possible to specify an option that has been provided for each replication type in the replication option information. The option information may include information denoting whether or not a write to the replication-destination logical volume Vol (the secondary logical volume) is possible during a temporary suspend of the remote replication. A temporary suspend of the remote replication is a temporary suspension of the remote replication resulting from a request from the management computer 10.

The replication status information 11302 shows the current status of a replication that is managed in accordance with this replication information 113. Specifically, for example, the replication status information 11302 indicates the status of the replication being managed in accordance with this replication information 113 to be any of not copied, copying, temporary suspend, pair status or abnormal status.

The replication configuration information comprises a pair ID 11303, a primary storage subsystem ID 11304, a HW volume ID 11305, a secondary storage subsystem ID 11306 and a secondary HW volume ID 11307.

The pair ID 11303 is an identifier that the management computer 10 assigns to a pair.

The primary storage subsystem ID 11304 is the identifier of the replication source (hereinafter, the primary side) storage subsystem (hereinafter, the primary storage subsystem) 1000 a that provides the primary logical volume. The primary storage subsystem 1000 a stores data from a site computer device 100 a and from the host computer 200 a.

The primary HW volume ID 11305 is the identifier of the primary logical volume that the primary storage subsystem 1000 a provides for performing management inside its own storage subsystem.

The secondary storage subsystem ID 11306 is the identifier of the replication-destination (hereinafter, secondary side) storage subsystem 1000 b (hereinafter, secondary storage subsystem) that provides the replication-destination secondary logical volume.

The secondary HW volume ID 11307 is the identifier of the secondary logical volume that the secondary storage subsystem 1000 b provides for performing management inside its own storage subsystem.

Furthermore, the primary logical volume refers to the copy-source logical volume and the secondary logical volume refers to the copy-destination logical volume. A single storage system provides a plurality of logical volumes, and each of these volumes is individually able to become a primary logical volume and a secondary logical volume. Therefore, in the case of a primary storage subsystem, a primary logical volume is not the only logical volume that exists in this subsystem. The name primary storage subsystem is only allocated to simplify the explanation when the explanation focuses on a replication pair comprising a primary logical volume and a secondary logical volume that is the subject of the explanation. The same thing also applies to the term secondary storage subsystem.

The respective replication statuses have the following meanings.

Not copied status: Status indicating that copying has not begun.

Copying status: Status wherein the data of the primary logical volume is being copied to the secondary logical volume. In addition to transitioning to this status from the not copied status, there are also cases where this status is transitioned to from either the temporary suspend status or the abnormal status.

Pair status: Status indicating that the data of the primary logical volume has been completely copied to the secondary logical volume, and that a process for reflecting write data for the primary logical volume in the secondary logical volume is being carried out. This status is transitioned to from the copying status. Furthermore, in the case of disaster recovery use, the recovery of an AP operation that uses the latest data is not possible unless the replication pair has transitioned to this status.

Temporary suspend status: Status wherein the reflection of write data in the pair status has been suspended, and data at the point in time when a primary logical volume reflection process was suspended to the secondary logical volume is stored. In a replication for backup use, such as the above-mentioned logical snapshot, the reflection process need not be suspended since the host computer may be provided with information to the effect that the secondary logical volume is virtually storing the data of the primary logical volume of a prescribed point in time. In addition, the write location for a write to either the primary logical volume or the secondary logical volume during this status may be recorded in accordance with a bitmap or the like. This write location information is for making it possible to reduce the copy amount by limiting a copy performed when the status has transitioned to the copying status to the location recorded in this information.

Abnormal status: Status indicating that a copy process has been suspended due to an abnormality resulting from a failure of some sort, for example, a failure of the storage subsystem or in the network between the storage subsystems. This status is transitioned to from either the copying status or the pair status. In this status, too, a write location record that uses write location information may be performed as was explained with respect to the temporary suspend status.

In the above explanation, the management-side replication information 113C was explained as information comprising a table structure, but this information may also be a data structure other than a table as long as the data structure comprises the correspondence between a replication group and one or more replication pairs, or the replication status of the replication group (or the replication pair), or the correspondence between the replication pair, the storage subsystem 1000, and the volume.

In addition, information that consolidates a plurality of management-side replication information 113C may be handled as replication information, and in this case as well, the replication information may be a data structure other than a table as long as the data structure comprises the correspondence between a replication group and one or more replication pairs, or the replication status of the replication group (or the replication pair), or the correspondence between the replication pair, the storage subsystem 1000, and the volume.
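The replication status transitions and the write-location record described above, modeled as an added example (not code from the patent). The class and function names, the block-count volume model and the group-level readiness check are assumptions; the pair-to-temporary-suspend transition is inferred from the temporary suspend description.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    NOT_COPIED = "not copied"
    COPYING = "copying"
    PAIR = "pair"
    SUSPENDED = "temporary suspend"
    ABNORMAL = "abnormal"


# Transitions named in the status descriptions. PAIR -> SUSPENDED is inferred
# from "the reflection of write data in the pair status has been suspended".
ALLOWED = {
    Status.NOT_COPIED: {Status.COPYING},
    Status.COPYING: {Status.PAIR, Status.ABNORMAL},
    Status.PAIR: {Status.SUSPENDED, Status.ABNORMAL},
    Status.SUSPENDED: {Status.COPYING},
    Status.ABNORMAL: {Status.COPYING},
}


@dataclass
class ReplicationPair:
    pair_id: str
    blocks: int                               # primary volume size in blocks (constructed model)
    status: Status = Status.NOT_COPIED
    dirty: set = field(default_factory=set)   # write-location record ("a bitmap or the like")

    def transition(self, new):
        """Change status, rejecting any transition the descriptions do not name."""
        if new not in ALLOWED[self.status]:
            raise ValueError(
                f"{self.pair_id}: {self.status.value} -> {new.value} is not allowed")
        self.status = new

    def host_write(self, block):
        """Record the write location while reflection to the secondary is stopped."""
        if not 0 <= block < self.blocks:
            raise IndexError(block)
        if self.status in (Status.SUSPENDED, Status.ABNORMAL):
            self.dirty.add(block)

    def start_copy(self):
        """Enter the copying status and return the blocks that have to be copied."""
        first_copy = self.status is Status.NOT_COPIED
        self.transition(Status.COPYING)
        # A first copy moves the whole volume; a resume is limited to recorded locations.
        to_copy = list(range(self.blocks)) if first_copy else sorted(self.dirty)
        self.dirty.clear()
        return to_copy

    def copy_done(self):
        self.transition(Status.PAIR)


def group_ready_for_dr(pairs):
    """Latest-data recovery needs the pair status; applied here to every pair
    of a replication group (group-level rule is an assumption)."""
    return all(p.status is Status.PAIR for p in pairs)


def demo():
    pair = ReplicationPair("pair-1", blocks=8)     # constructed sample pair
    initial = pair.start_copy()                    # not copied -> copying (full copy)
    pair.copy_done()                               # copying -> pair
    pair.transition(Status.SUSPENDED)              # backup point in time is frozen
    for block in (2, 5, 2):                        # writes arriving during the suspend
        pair.host_write(block)
    differential = pair.start_copy()               # temporary suspend -> copying
    ready_during_copy = group_ready_for_dr([pair])
    pair.copy_done()
    return {
        "initial": initial,
        "differential": differential,
        "ready_during_copy": ready_during_copy,
        "ready_after_copy": group_ready_for_dr([pair]),
    }


if __name__ == "__main__":
    print(demo())
```
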

(1-3-3) Management-Side Backup Information

FIG. 9 is a diagram showing an example of the configuration of the management-side backup information 18 stored in the management computer 10.

The management-side backup information 18 holds a user-specified backup condition. The management-side backup information 18 comprises a backup ID 1801, a virtual host ID 1802, an AP 1803, a data1 1804, a data2 1805, and Backup columns (start 1807, interval 1808, protection period 1809). The backup ID 1801 is an identifier that the management computer 10 assigns to a backup target.

The virtual host ID 1802 is the host computer identifier. In the case of a cluster, a virtual host computer may be provided to the client computer out of consideration for client computer couplability. In this case, the virtual host ID is set in this virtual host ID 1802. In the case of no cluster, the normal host ID is stored in the ID 1802.

The AP 1803 is the identifier of the AP 211.

The data1 (1804) is the name of the data that the host computer 200 references while running the AP 211. In a case where the data of the AP 211 is configured in a plurality of hierarchies, the data name that is identified by the highest level hierarchy is stored.

The data2 (1805) is the data name identified by the second highest level hierarchy inside the hierarchical data that the host computer 200 references while running the AP 211.

This data2 is only stored in a case where the data of the AP 211 is configured in a plurality of hierarchies. The following embodiment is premised on the fact that there are two hierarchies of AP 211 data. However, in a case where there are three or more AP 211 data hierarchies, the present invention is applicable when information that stores the data name of these hierarchies is added corresponding to the number of these hierarchies.

The Backup column start 1807 stores a backup start time. The Backup column interval 1808 is the time interval at which a backup is acquired. The Backup column protection period 1809 is the period of time during which the backed up data is protected.

(1-3-4) Management-Side Catalog Information

FIG. 10 is a diagram showing an example of the configuration of the management-side catalog information 14 stored in the management computer 10. The management-side catalog information 14 holds information related to the backup data. The management-side catalog information 14 comprises a backup ID 1401, a Remote Cluster 1403, a replication group 1404, a host ID (from 1st to 2nd), and an active host ID 1407.

The backup ID 1401 is an identifier for identifying a backup.

The Remote Cluster 1403 shows whether or not the computer system is a remote cluster. In the case of a remote cluster, a replication group ID related to this host ID is also stored in the replication group ID 1404.

The 1st 1405 host ID stores the host ID. Similarly, the 2nd 1406 host ID stores a second host ID. In FIG. 10, only enough columns exist for a 2nd host ID, but there may be a 3rd host ID and more. As explained above, in the case of a cluster, the host computer may be virtualized, and in accordance with this, a third and subsequent host computer IDs corresponding to this virtual host computer will be stored in this host ID.

The active host ID 1407 specifies the active-state host computer in the cluster system.

(1-3-5) Management-Side Site Catalog Information

FIG. 11 is a diagram showing an example of the configuration of the management-side site catalog information 15 stored in the management computer 10.

The management-side site catalog information 15 holds information related to a replication used in a backup and the backup time. The management-side site catalog information 15 comprises a backup ID 15001, a host ID 15002, a generation-in-use 15003, a number of generations 15004, a first generation group 15005, a first generation time 15006, a second generation group 15007, a second generation time 15008, a third generation group 15009, and a third generation time 15010.

The backup ID 15001 is an identifier that the management computer 10 assigns to a backup target.

The host ID 15002 stores the host ID.

The generation-in-use 15003 specifies the replication group that is being used in the current backup.

The number of generations 15004 shows the number of replication generations used in the same backup target. The replication generation denotes the number of replication groups with common replication-source data and different replication destinations. Providing a generation to a replication makes it possible to make a plurality of replications of the same data at different times. That is, in a case where the replication generation number is 3, this specifies that the backup-targeted data has been backed up at three different times in the same storage subsystem.

Next, first generation (group 15005, time 15006) to third generation (group 15009, time 15010) show by generation the relationship between the backup acquisition time and the replication group in which this backup is stored. As described above, this information exists from 15005 to 15010. Of course, it goes without saying that the present invention is also applicable for backup generations beyond the third generation.

(1-3-6) Management-Side AP-Volume Correspondence Information

FIG. 12 is a diagram showing an example of the configuration of the management-side AP-volume correspondence information 13 stored in the management computer 10.

The management-side AP-volume correspondence information 13 is for managing the corresponding relationship between the data, which is handled by the backup-target application program (AP) running on the host computer, and the logical volume Vol in which this data is to be arranged. The management-side AP-volume correspondence information 13 comprises a host ID 13001, a virtual host ID 13002, an application name 13003, a data1 (13004), a data2 (13005) and a volume ID 13006.

The host ID 13001 is the identifier of the host computer 200. In the case of a cluster, a virtual host computer may be provided to the client computer out of consideration for client computer couplability. In this case, a virtual host ID is set in this host ID 13001. In the case of no cluster, a normal host ID is stored in the ID 13001.

The virtual host ID 13002 is the identifier of the virtual host computer that is set in the cluster-target host computer. The virtual host ID 13002 is used in the case of a cluster environment.

The application name 13003 is the name of the AP 211 that is running on this host computer 200.

The data1 (13004) is the name of the data that the host computer 200 references while running the AP 211. In a case where the AP 211 data is configured in a plurality of hierarchies, the data name of the highest level hierarchy is stored.

The data2 (13005) is the data name of the second highest level hierarchy within the hierarchical data that the host computer 200 references while running the AP 211. This data2 is only stored in a case where the AP 211 data is configured in a plurality of hierarchies.

The volume ID 13006 is the identifier of the logical volume Vol that stores the AP 211 data, and is the logical volume Vol identifier that this host computer 200 uses to identify the logical volume Vol inside the storage subsystem 1000.

(1-3-7) Management-Side Cluster Configuration Information

FIG. 13 is a diagram showing an example of the configuration of the management-side cluster configuration information 19 that is stored in the management computer 10.

The management-side cluster configuration information 19 is for managing the cluster configuration of this computer system. The management-side cluster configuration information 19 comprises a virtual host ID 19001, a Remote Cluster 19002, and host IDs (1st 19003, 2nd 19004).

The virtual host ID 19001 is the identifier of the virtual host computer set in the cluster-target host computer 200.

The Remote Cluster 19002 shows whether or not the computer system is a remote cluster. In the case of a remote cluster, a replication group ID related to this host ID is also stored in the replication group ID 1404.

A host ID corresponding to the above-mentioned virtual host computer is stored in the 1st 19003 host ID. Similarly, a second host ID corresponding to the above-mentioned virtual host computer is stored in the 2nd 19004 host ID. FIG. 13 shows an example in which there are two host computers, but the present invention is not limited to two host computers. For example, in the case of three hosts, a 3rd information column is added to the host ID. Of course, there may also be more or less than three hosts that provide a single virtual host in the present invention.

(1-3-8) Storage-Side Replication Pair Information

FIG. 14 is a diagram showing an example of the configuration of the storage-side replication pair information 1210 stored in the storage subsystem 1000 of the first embodiment of the present invention.

The storage-side replication pair information 1210 comprises a replication pair ID 12101, a volume ID 12102, replication status information 12103, a replication-target storage subsystem ID 12104, a replication-target volume ID 12105, a replication type 12106 and a replication group ID 12107.

The replication pair ID 12101 is the identifier of the replication pair that comprises the logical volume Vol identified by the logical volume ID 12102 and the logical volume Vol identified by the replication-target volume ID 12105. Specifically, the pair ID 11303 of the above-described replication information 113 is registered.

The volume ID 12102 is the identifier of the logical volume Vol that is provided by the storage subsystem 1000 storing this replication pair information 1210.

The replication status information 12103 shows the current status of the replication with respect to the logical volume Vol that is identified by the logical volume ID 12102. Specifically, the replication status information 12103 shows that the status of the replication pair specified by this replication pair ID is any of not copied, copying, temporary suspend or abnormal.

The replication-target storage subsystem ID 12104 is the identifier of the storage subsystem 1000, which provides the replication-destination logical volume Vol that forms the replication pair with logical volume Vol identified by the logical volume ID 12102. That is, the secondary storage subsystem 1000 identifier is stored in the replication-target storage system ID 12104.

The replication-target volume ID 12105 is the identifier of the logical volume Vol that forms the replication pair with the logical volume Vol identified by the logical volume ID 12102. That is, the identifier of the secondary logical volume, which is the replication destination of the data that is stored in the logical volume Vol identified by the logical volume ID 12102, is stored in the replication-target volume ID 12105.

The replication type ID 12106 is a function provided by the storage subsystem 1000, and shows that the replication is any of a synchronous remote replication, an asynchronous remote replication, or a local replication.

The replication group ID 12107 is the identifier of the replication group of the replication pair identified by the replication pair ID 12101. The storage subsystem 1000 manages a replication group comprising one or more replication pairs. For this reason, the management computer 10 is able to specify a replication group and to request a temporary suspend, resume or delete of a remote replication in the batch mode for the replication pairs included in the group.

In the above explanation, the replication pair information 1210 has been explained as information comprising a table structure, but this information may also be a data structure other than a table as long as the data structure comprises the correspondence between a replication pair and the replication group, the correspondence between the replication pair and the storage volume, and the replication type and replication status of the replication pair.

Further, the replication pair information 1210 a of the storage subsystem 1000 a and the replication pair information 1210 b of the storage subsystem 1000 b do not necessarily have to be the same data structure or the same data.

(1-3-9) Storage-Side Volume Management Information

FIG. 15 is a diagram showing an example of the configuration of the storage-side volume management information 1250 stored in the storage subsystem 1000 of the first embodiment of the present invention.

The storage-side volume management information 1250 comprises a logical volume ID 12501, volume status information 12502, a capacity 12503, a replication pair ID 12504, and a group ID 12505.

The logical volume ID 12501 is the identifier of the logical volume Vol provided by the storage subsystem 1000 that stores this volume management information 1250.

The volume status information 12502 shows the current status of the logical volume Vol identified by the logical volume ID 12501. Specifically, at least one status from among primary logical volume, secondary logical volume, normal, abnormal or unpackaged is stored in the volume status information 12502.

For example, in a case where the logical volume Vol identified by the logical volume ID 12501 is the primary logical volume, “primary logical volume” is stored in the volume status information 12502. Further, in a case where the logical volume Vol identified by the logical volume ID 12501 is the secondary logical volume, “secondary logical volume” is stored in the volume status information 12502. Furthermore, the primary logical volume denotes the volume that is the replication source of the remote replication, and the secondary logical volume denotes the volume that is the replication destination of the remote replication.

Further, in a case where the host computer 200 is able to normally access the logical volume Vol identified by the logical volume ID 12501, “normal” is stored in the volume status information 12502. Further, in a case where the host computer 200 is not able to normally access the logical volume Vol identified by the logical volume ID 12501, “abnormal” is stored in the volume status information 12502. For example, “abnormal” is stored in the volume status information 12502 at the time of a disk device 1500 malfunction or a replication failure.

Further, in a case where data is not stored in the logical volume Vol identified by the logical volume ID 12501, “unpackaged” is stored in the volume status information 12502.

The capacity 12503 is the capacity of the logical volume Vol identified by the logical volume ID 12501. The replication pair ID 12505 is the unique identifier of the replication pair comprising the logical volume Vol identified by the logical volume ID 12501.

The replication pair ID 12504 is the identifier of the replication pair related to the logical volume ID 12501. Specifically, the pair ID 11303 of the replication information 113 explained using FIG. 6 is stored here.

The replication group ID 12505 is the identifier of the replication group of the replication pair ID 12504. The replication group ID provided in the replication information table 113 created each time the management computer 10 requests a replication is stored here.

In the above explanation, the storage-side volume management information 1250 has been explained as information comprising a table structure, but this information may also be a data structure other than a table as long as the data structure comprises the logical volume Vol status and capacity. Further, this information may also comprise the correspondence between the logical volume Vol and the replication pair, or the correspondence between the logical volume Vol and the replication group.

Further, the volume management information 1250 a of the storage subsystem 1000 a and the volume management information 1250 b of the storage subsystem 1000 b do not necessarily have to be the same data structure or the same data.

(1-4) Information Creation Process of Computer System of First Embodiment

The processing operations of the computer system of the first embodiment will be explained below. Furthermore, in this embodiment, it is supposed that the settings required in the cluster system are implemented in the host computer 200. However, it is supposed that a remote replication is not established in a remote cluster, and that the cluster program on the host computer 200 is in the suspend status.

(1-4-1) Management-Side Storage Information Creation Process

First of all, the creation process of the management-side storage information 114C will be explained. The management computer 10 creates this information based on the management program 12.

FIG. 16 is the flow of processing by which the management computer 10 creates management-side storage information 114C related to the storage subsystem 1000.

The management computer 10 receives either an address or a storage subsystem ID from the user. The management computer 10 issues a storage control instruction based on the received address (Step 5000).

Next, the storage subsystem 1000, upon receiving the control instruction sent in Step 5000, analyzes the contents of this instruction (Step 5010).

Next, the storage subsystem 1000 references the storage-side volume management information 1250 in the memory 1200 on the basis of the analyzed contents, and returns the contents of this management information as a response to the above-mentioned control instruction (Step 5020). The contents of this management information comprise a HW logical volume ID, volume status information, and a capacity. The storage subsystem ID here may be a network address (for example, an IP address) or an ID such as a hardware product number. However, in the case of the hardware product number, this hardware product number is included in the above-mentioned management information.

The management computer 10, upon receiving the control instruction response from the storage subsystem 1000, analyzes the contents thereof and determines whether or not these contents are normal (Step 5030).

In a case where the control instruction response from the storage subsystem 1000 is normal (Step 5030: YES), the management computer 10 creates the management-side storage information 114C. Since the host ID 11405 and the volume ID 11403 are information that is unavailable in the storage subsystem at the time of creation, these columns are left blank.

Alternatively, in a case where the control instruction response from the storage subsystem 1000 is not normal (Step 5030: NO), the management computer 10 notifies the user that a storage subsystem does not exist at the specified address.

(1-4-2) Process for Creating Management-side Cluster Configuration Information

Next, the process for creating management-side cluster configuration information will be explained. The management computer 10 creates this information based on the management program 12.

FIG. 17 is the flow of processing by which the management computer 10 creates the management-side cluster configuration information 19 using the cluster system management information.

The management computer 10 receives the address of the host computer required for managing the cluster system and the address of the virtual host computer corresponding to this host computer from the user via a terminal or other such input screen (Step 5100). This address is either the host computer network address or the network host name here, and in this specification is handled the same as the host ID. Normally, in the case of a cluster system, a plurality of host computers correspond to a single virtual host computer. FIG. 18 shows an example of the input screen. In FIG. 18, two host computers (addresses “P-host1” and “P-host2”) are inputted for the virtual host computer of the address “host1”.

Next, the management computer 10 creates a backup control instruction (a volume information report) using the address inputted from the user as the instruction destination, and issues this instruction to the host computer 200 (Step 5110). For example, since two host computers are specified in the input of FIG. 18, the management computer 10 issues the backup control instruction to two different host computers.

The host computer 200, upon receiving this instruction, analyzes the content of this instruction (Step 5120), and next, acquires from the OS 212 the volume information managed by this OS. The volume information obtained from this OS comprises the volume ID and HW volume ID of all the volumes managed by this OS, and the ID of the storage subsystem in which this HW volume exists. Next, the host computer 200 creates a response to the backup control instruction that includes this volume information, and returns this response to the management computer 10 (Step 5130).

The management computer 10, upon receiving the backup control instruction response from the host computer 200, analyzes the content thereof and determines whether or not it is a normal response (Step 5140).

In a case where the host computer 200 response is normal (Step 5140: YES), the management computer 10 determines whether or not there is a common combination among the combinations of storage subsystem ID and HW logical volumes obtained from the responses of all the host computers 200 (Step 5150).

In a case where a combination of the storage subsystem ID and the HW logical volume are common to a combination obtained from the response of another host computer (Step 5150: YES), the management computer 10 determines that the cluster system is a local cluster, and creates the management-side cluster configuration information 19 on the basis of this determination (Step 5180). Specifically, the management computer 10 sets the Remote Cluster 19002 of the management-side cluster configuration information 19 to “No”, and, in addition, creates the management-side cluster configuration information 19 comprising the virtual host computer address of the user input information in the virtual host ID 19001 and one or more host computer addresses. Next, to clarify the corresponding relationship between the host computer inputted in Step 5100 and the storage subsystem, volume ID and HW volume ID obtained from the above-mentioned response (will be called E2E information), the management computer 10 fills in the blank portions (the volume ID and the host ID) with the content of the above E2E information in which the storage subsystem ID and the HW volume ID of the created management-side storage information 114C of FIG. 16 are identical.

In a case where the combinations of the storage subsystem ID and the HW logical volume all differ from the combinations obtained from the responses of the other host computers (Step 5150: NO), the management computer 10 determines that the cluster system is a remote cluster, and creates the management-side cluster configuration information 19 in which the Remote Cluster 19002 is set to Yes (Step 5160). Next, to clarify the host computer inputted in Step 5100 and the E2E information obtained from the above response, the management computer 10 fills in the blank portions (the volume ID and the host ID) with the content of the above E2E information in which the storage subsystem ID and the HW volume ID of the created management-side storage information 114C of FIG. 16 are identical.
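The local/remote decision of Step 5150 and the E2E fill-in can be sketched as follows. This is an added example, not code from the patent; the class and field names, the per-host `host_volumes` mapping, and the storage IDs "ST-A"/"ST-B" are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class VolumeReport:
    """One volume entry in a host's volume information report (Step 5130)."""
    volume_id: str      # volume ID as seen by the host OS
    storage_id: str     # ID of the storage subsystem holding the HW volume
    hw_volume_id: str   # HW logical volume ID inside that subsystem


@dataclass
class StorageRow:
    """Row of management-side storage information (field names assumed)."""
    storage_id: str
    hw_volume_id: str
    # Blank after the FIG. 16 process; filled in here as host ID -> volume ID.
    host_volumes: dict = field(default_factory=dict)


def is_remote_cluster(responses):
    """Step 5150: local if two hosts report the same (storage, HW volume)."""
    if len(responses) < 2:
        raise ValueError("a cluster needs responses from at least two hosts")
    if any(vols is None for vols in responses.values()):
        raise ValueError("abnormal response from a host (Step 5140: NO)")
    keys = {host: {(v.storage_id, v.hw_volume_id) for v in vols}
            for host, vols in responses.items()}
    shared = any(keys[a] & keys[b] for a, b in combinations(keys, 2))
    return not shared


def build_cluster_config(virtual_host_id, responses, storage_rows):
    """Create one cluster configuration row and fill in the blank columns."""
    remote = is_remote_cluster(responses)
    config = {
        "virtual_host_id": virtual_host_id,           # 19001
        "remote_cluster": "Yes" if remote else "No",  # 19002
        "host_ids": list(responses),                  # 19003, 19004, ...
    }
    index = {(r.storage_id, r.hw_volume_id): r for r in storage_rows}
    for host, vols in responses.items():
        for v in vols:
            row = index.get((v.storage_id, v.hw_volume_id))
            if row is not None:  # skip subsystems never registered
                row.host_volumes[host] = v.volume_id
    return config


def fresh_rows():
    """Constructed storage rows: the same HW volume ID on two subsystems."""
    return [StorageRow("ST-A", "HW01"), StorageRow("ST-B", "HW01")]


# Constructed sample responses using the host addresses of FIG. 18.
LOCAL_RESPONSES = {
    "P-host1": [VolumeReport("vol1", "ST-A", "HW01")],
    "P-host2": [VolumeReport("vol1", "ST-A", "HW01")],
}
REMOTE_RESPONSES = {
    "P-host1": [VolumeReport("vol1", "ST-A", "HW01")],
    "P-host2": [VolumeReport("vol1", "ST-B", "HW01")],
}

if __name__ == "__main__":
    for name, resp in (("local", LOCAL_RESPONSES), ("remote", REMOTE_RESPONSES)):
        rows = fresh_rows()
        print(name, build_cluster_config("host1", resp, rows), rows)
```

The comparison key is the pair (storage subsystem ID, HW volume ID), so two hosts that use the same HW volume ID on different subsystems are still classified as a remote cluster.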

(1-4-3) Management-Side AP-Volume Correspondence Information

Next, the process for creating the management-side AP-volume correspondence information will be explained. The management computer 10 creates this information based on the management program 12.

FIG. 19 is the flow of processing by which the management computer 10 creates the management-side AP-volume correspondence information 13 for correspondingly managing an AP running on the host computer 200 and the volume used by this AP.

The management computer 10 receives the address of the virtual host computer from the user and the name of the application running on the host computer 200 specified by this virtual host computer via a terminal or other such input screen (Step 5200). The address of the virtual host computer is specified here to eliminate the user information input step. Therefore, the host computer 200 may perform inputting, but, in this case, a plurality of host computers 200 must be specified. Further, a plurality of application names may also be specified. In this embodiment, the creation of the management-side cluster configuration information and the management-side AP-volume correspondence information are disclosed as separate processes, but these processes may be a series of steps. FIG. 20 shows an example of an input screen.

Next, the management computer 10 creates a backup control instruction (an AP configuration information report) using the address inputted from the user as the instruction destination, and issues this instruction to the plurality of host computers 200 corresponding to the specified virtual host computer (Step 5200). For example, in a case where two host computers correspond to one virtual host computer, the management computer 10 issues the backup control instruction to the two different host computers.

The host computer 200, upon receiving this instruction, analyzes the content of this instruction (Step 5210), and next, acquires information related to the volume used by the AP 211 from either the AP 211 or the OS 212. This information comprises information about all the data used by this AP and the ID of the volume in which this data is arranged. There may be cases here in which the data used by this AP 211 is grouped into a plurality of hierarchies, in which case the host computer 200 collects all of this grouped information, creates a response to the backup control instruction as information corresponding to the volume information, and returns this response to the management computer 10 (Step 5220).

The management computer 10, upon receiving the response to the backup control instruction from the host computer 200, analyzes the content thereof and determines whether or not it is a normal response (Step 5230).

In a case where the response of the host computer 200 is normal (Step 5230: YES), the management computer 10 creates the management-side AP-volume correspondence information 13 from the acquired response (Step 5240). Specifically, the management computer 10 creates from the acquired response the management-side AP-volume correspondence information 13 that stores the information of all the data used by the AP in the data1 (13004) and the data2 (13005), and the volume ID in the 13006.

In a case where the response from the host computer 200 is not normal (Step 5230: NO), the management computer 10 notifies the user that application information acquisition failed.

(1-4-4) Process for Setting a Backup

Next, the management computer 10 implements a backup setting. In the backup setting steps, the management computer creates management-side backup information 18, management-side catalog information 14, and management-side site catalog information 15. The process for creating the respective information in the backup setting will be explained below. The management computer 10 creates all the information mentioned above on the basis of the management program 12.

FIG. 21 is the flow of processing by which the management computer 10 creates management-side backup information 18, the management-side catalog information 14, and the management-side site catalog information 15 required for a backup.

First, the management computer 10 acquires the backup-target application from the user and the virtual host computer 200 information via an input screen on a terminal or the like (Step 5300). FIG. 22 shows an example of the input screen.

In FIG. 22, the management computer 10 obtains the virtual host computer Host1 and the application name DB from the list of application programs in the top portion of the drawing as backup-target information. Next, the management computer 10 acquires Instance1 from the application data information in the bottom portion of the drawing as backup-target data. In the screen of FIG. 22, when the user has finished inputting all of the information and presses the create backup schedule button, a screen for specifying the backup data appears. In accordance with this screen, the management computer 10 acquires the protection-targeted data of the backup-target application. FIG. 23 shows an example of the screen. Specifically, in FIG. 23, the management computer 10 acquires DB1 of the Instance1 as the backup-target data of the application name DB specified in FIG. 22.

Next, the management computer 10 creates the management-side backup information 18 based on the above-mentioned backup-target AP name and data (Step 5315). Specifically, the management computer 10 respectively registers the virtual host computer name (acquired in FIG. 22), the application name (acquired in FIG. 22), the data name (acquired in FIG. 22) and the detailed data name (acquired in FIG. 23) obtained from the user input into the host ID 1802, the AP 1803, the data1 (1804) and the data2 (1805), and, in addition, the management computer 10 creates a predetermined unique backup ID 1801 and registers same in the backup ID 1801.

Next, the management computer 10 acquires backup schedule information from the user via an input screen. The backup schedule information offers a selection of either immediate backup or scheduled backup, and for scheduled backup, also includes a start time, a protection period, and a backup interval. FIG. 24 shows an example of the input screen. In FIG. 24, the management computer 10 acquires a start time of 10:12, a protection period of three days, and a backup interval of one day as the backup schedule. In addition, the management computer 10 computes the backup frequency by dividing the time specified in the start time by the schedule mode. In the example of FIG. 24, the start time numeral (one of 10:12) is divided by the schedule mode (in day units) to produce a quotient of 1.

Next, the management computer 10 computes the number of backup generations. An example of the formula for computing the number of backup generations is shown below.

Number of backup generations=backup period×backup frequency

For example, in the example of FIG. 24, the number of generations is the three-day backup period×one-day backup frequency, or three (3).

Next, the management computer 10 performs the processing 5330 for establishing the replication configuration.

Next, the management computer 10 issues a backup control instruction to the active-state host computer 200 (Step 5340). Specifically, the management computer 10 issues a backup control instruction (a scheduler registration instruction), which comprises the management-side site catalog information 15 and the management-side backup information 18, to the active-state host computer 200. The active-state host computer 200 is the host computer that is coupled to the primary-side storage, and the status is host computer cluster program 214. Since one arbitrary host computer may be in the active state in the case of a local cluster, the management computer 10 references the host computer 200 cluster program 214 status, and decides the active-state host computer 200. The operations of the active-state host computer 200 will be explained below.

Next, the process by which the management computer 10 establishes the replication configuration will be explained using FIG. 25.

First, the management computer 10 checks whether or not the Remote Cluster of the information (the combination of the virtual host ID, the Remote Cluster, and the host ID) of this row of the management-side cluster configuration information 19, in which the virtual host ID of the management-side cluster configuration information 19 corresponds to the virtual host ID specified in Step 5300, is “Yes” (Step 5331).

In a case where the Remote Cluster is “Yes” (Step 5331: YES), the management computer 10 performs a remote cluster setting. That is, the management computer 10 references the management-side AP-volume correspondence information 13, which comprises the host ID 11301 and the application name 13003 specified in Step 5300. Next, the management computer 10 detects the storage subsystem ID 11402 and the HW volume ID 11404 of the management-side storage information 114C for which the host ID 13001 and the volume ID 13006 included in the corresponding row information of this management-side AP-volume correspondence information 13 correspond. The management computer 10 sets this HW volume ID 11404 as either the primary logical volume or the secondary logical volume of the remote replication used in the remote cluster (Step 5332). The setting of either the primary logical volume or the secondary logical volume, for example, may be done in accordance with the management computer 10 making a random selection, may be decided beforehand, or may be specified by the user later.

Next, the management computer 10 creates the management-side replication information 113C based on this primary logical volume and secondary logical volume decided in Step 5332. Specifically, the management computer 10 registers the information obtained from the management-side storage information in the primary logical volume, registers the storage subsystem ID 11402 in the primary storage system ID 11304, and the same HW volume ID 11404 in the primary HW volume ID 11305 with respect to the management-side replication information 113C. In addition, the management computer 10 uses the information obtained from the management-side storage information 114C as the secondary logical volume, and registers the storage subsystem ID 11402 as the secondary storage subsystem ID 11306 and the same HW volume ID 11404 as the secondary HW volume ID 11307 with respect to the management-side replication information 113C. Further, the management computer 10 decides a replication group name that will not collide with another name as the replication group ID 11300 of the management-side replication information 113C, and registers remote replication as the replication option information 11301. In addition, the management computer 10 creates the management-side catalog information 14. Specifically, the management computer 10 registers the backup ID 1801 registered in the management-side backup information (created in Step 5315) in the backup ID 1401, the Remote Cluster 19002 of the row information in which the virtual host ID of the management-side cluster configuration information 19 corresponds to the user-specified value in the Remote Cluster 1403, 19003 of the same row information in the 1st 1405 host ID, and 19004 of the same row information in the 2nd 1405 host ID. In addition, the management computer 10 registers the host computer coupled to the primary storage subsystem 1000 as the active host ID (Step 5333).

Next, the management computer 10 creates the replication information 113C for the secondary storage subsystem backup of the remote cluster. That is, the management computer 10 sets the HW logical volume set as the secondary logical volume in Step 5333 as the primary logical volume of the local replication. In addition, the management computer 10 selects a logical volume Vol that is not being used in the current replication from the management-side storage information of the same storage subsystem ID 11402, and sets this logical volume Vol as the secondary logical volume. The methods for selecting a volume here that is not being used in the replication are to acquire the storage subsystem 1000 information from the storage control instruction and to use the logical volume Vol stipulated beforehand by the user. Next, the management computer 10 decides a replication group name that will not collide with another name as the replication group ID 11300 of the management-side replication information 113C, and registers local replication as the replication option information 11301. At this point, the management computer 10 creates management-side replication information proportional to the number of backup generations (Step 5320) worked out in FIG. 21. Next, the management computer 10 creates the management-side site catalog information 15 for the secondary storage subsystem. Specifically, the management computer 10 sets the backup ID 1801 provided as the management-side backup information in 15001, sets the ID of the host computer 200 that uses the logical volume Vol set in the primary logical volume in the host 15002, and sets the initial value as the generation-in-use 15003, and registers the replication group ID 11300, which is registered in the replication information 113C created for the secondary storage subsystem of the above-mentioned remote cluster, in the first generation group 15005, the second generation group 15007 and the third generation group 15009 resulting from computing the number of generations 15004 in Step 5320 (Step 5334).

Next, either in a case where the Remote Cluster is “No” in Step 5331 or as the processing subsequent to Step 5334, the management computer 10 creates the replication information 113C for backup use in the primary storage subsystem for the local cluster and the remote cluster. That is, the management computer 10 sets the HW logical volume set as the primary logical volume in Step 5333 to the primary logical volume of the local replication. In addition, the management computer 10 selects a logical volume Vol that is not being used in the current replication from the management-side storage information of the same storage subsystem ID 11402, and sets this logical volume as the secondary logical volume. Next, the management computer 10 decides a replication group name that will not collide with another name as the replication group ID 11300 of the management-side replication information 113C, and registers local replication as the replication option information 11301. At this point, the management computer 10 creates management-side replication information proportional to the number of backup generations worked out in FIG. 21 (Step 5320). Next, the management computer 10 creates the management-side site catalog information 15 for the primary storage subsystem. Specifically, the management computer 10 sets the backup ID 1801 provided as the management-side backup information in 15001, sets the ID of the host computer 200 that uses the logical volume Vol set in the primary logical volume in the host 15002, and sets the initial value as the generation-in-use 15003, and registers the replication group ID 11300, which is registered in the replication information 113C created for the secondary storage subsystem of the above-mentioned remote cluster, in the first generation group 15005, the second generation group 15007 and the third generation group 15009 resulting from computing the number of generations 15004 in Step 5320 (Step 5335).

Lastly, the management computer 10 creates a storage control instruction (replication establishment) from the management-side replication information created in the above-mentioned step, and issues this instruction to the storage subsystem 1000 (Step 5336). The storage subsystem 1000 establishes the replication in accordance with this storage control instruction.
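The replication configuration of FIG. 25 (Steps 5331 to 5335), together with the generation count computed in FIG. 21, can be sketched as a planning function. This is an added example, not code from the patent; the class and function names, the group naming scheme and the sample volume IDs are assumptions, and it reads the text as creating one local replication group per backup generation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vol:
    storage_id: str     # storage subsystem ID
    hw_volume_id: str   # HW logical volume ID


@dataclass(frozen=True)
class ReplicationInfo:
    """One row of management-side replication information (names assumed)."""
    group_id: str       # replication group ID, unique within the plan
    option: str         # "remote replication" or "local replication"
    primary: Vol
    secondary: Vol


def backup_generations(period_days, backups_per_day):
    """Number of backup generations = backup period x backup frequency."""
    return period_days * backups_per_day


def plan_replications(remote_cluster, app_volume, peer_volume,
                      free_volumes, generations):
    """Return the replication rows in the order FIG. 25 creates them."""
    free = list(free_volumes)
    plan = []

    def new_group_id(prefix):
        # Group names must not collide; a running number guarantees that.
        return f"{prefix}-{len(plan) + 1:03d}"

    def take_free(storage_id):
        # A local replication needs an unused volume in the same subsystem.
        for vol in free:
            if vol.storage_id == storage_id:
                free.remove(vol)
                return vol
        raise LookupError(f"no unused volume left in {storage_id}")

    def add_local_generations(source):
        for _ in range(generations):
            target = take_free(source.storage_id)
            plan.append(ReplicationInfo(new_group_id("LOCAL"),
                                        "local replication", source, target))

    if remote_cluster:                       # Step 5331: YES
        if peer_volume is None:
            raise ValueError("remote cluster needs a secondary volume")
        plan.append(ReplicationInfo(new_group_id("REMOTE"),
                                    "remote replication",
                                    app_volume, peer_volume))  # Step 5333
        add_local_generations(peer_volume)   # Step 5334: secondary-side backup
    add_local_generations(app_volume)        # Step 5335: primary-side backup
    return plan


# Constructed sample volumes: three unused volumes in each subsystem.
PRIMARY = Vol("ST-A", "HW01")
SECONDARY = Vol("ST-B", "HW11")
FREE = [Vol("ST-A", f"HW0{i}") for i in (2, 3, 4)] + \
       [Vol("ST-B", f"HW1{i}") for i in (2, 3, 4)]

if __name__ == "__main__":
    gens = backup_generations(3, 1)          # FIG. 24: three days, one per day
    for row in plan_replications(True, PRIMARY, SECONDARY, FREE, gens):
        print(row)
```

With the FIG. 24 schedule, a remote cluster yields one remote replication plus three local groups on each side, while a local cluster yields only the three primary-side groups.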

(1-5) Normal Operations in the Computer System of First Embodiment

(1-5-1) Backup Process

Once the management computer 10 completes the processing (FIG. 21) for the backup setting, a backup process is begun by the active-state host computer 200. The host computer 200 creates this information based on the backup program 213.

FIG. 26 is the flow of processing for a backup process by the host computer 200.

First, upon receiving the backup control instruction from the management computer 10 (Step 5400), the host computer 200 analyzes the content of the backup control instruction, extracts the management-side backup information 18 and the management-side site catalog information 15 included in this instruction, and stores this information in the memory 210 inside this host computer. In the drawings, to distinguish between the information on the management computer 10, the above-mentioned information arranged on the host computer 200 is respectively notated as the management-side backup information 18L and the management-side site catalog information 15L.

Next, the host computer 200 reads this management-side backup information 18 and the management-side site catalog information 15, and specifies a replication group that uses the backup-target application and the data thereof, and the backup start time in the backup. Next, the host computer 200 registers the backup execution instruction with respect to the application data in the scheduler 217 of this computer so that the backup is executed at the start time (Step 5410).

Next, the host computer 200 monitors the scheduler, and waits for the backup execution instruction to end (Step 5420). When the backup execution instruction has been implemented, the host computer 200 performs quiescencing of the AP 211 running on this computer. AP quiescencing is a procedure for creating a state in which data is recoverable by temporarily suspending this AP, and writing the temporary data of this AP data, which exists in the AP or the OS, to all the storage subsystems. Subsequent to AP quiescencing, the host computer 200 issues a storage control instruction (a replication temporary suspend) for storing the backup of the corresponding AP data in the replication. The storage subsystem 1000, upon receiving this instruction, suspends the copying of the replication pair included in the specified replication group.

In a case where the backup execution instruction has ended (Step 5420: YES), the host computer 200 computes the time at which the next backup should be executed. Specifically, the host computer 200 performs this computation by adding the backup interval to the time at which the backup ended. Next, the host computer 200 moves to Step 5410 to register a backup instruction that will change the backup start time in the scheduler 217 (Step 5430).

(1-5-2) Restore Process

The restore process is the process by which the management computer 10 restores data that has been backed up. The management computer 10 and the host computer 200 execute this restore process on the basis of the management program 12 and the backup program 213, respectively.

FIG. 27 is the flow of processing for the restore process by the management computer 10.

First, in a case where the user implements a restore via an input screen of a terminal or the like, the management computer 10 issues a backup control instruction (a backup status report) to the active-state host computer 200 (Step 5500). The backup status report is able to acquire the management-side site catalog information managed by a physical computer.

The host computer 200, upon receiving this backup status controlinstruction, analyzes the content thereof, and upon determining that theinstruction content is a backup status report, returns themanagement-side site catalog information 15L managed by its own computer200 included in a response (Step 5505).

Next, the management computer 10 outputs the content of this informationvia the input screen and acquires the application data to be restoredfrom the user. Next, the management computer 10 issues a backup controlinstruction (a restore instruction) to the active-state host computer(Step 5510). FIG. 28 shows an example of the restore process inputscreen here.

The management computer 10 obtains the virtual host computer Host1 and the application name DB from the list of application programs in the upper portion of the drawing in FIG. 28 as the restore-target information. Next, the management computer 10 acquires Instance1 from the application data in the lower portion of the drawing as the restore-target data. In the screen of FIG. 28, after the user has inputted all the information and pressed the restore button, a screen for specifying the restore data appears. In accordance with this screen, the management computer 10 obtains all the information for restoring the restore-target data. FIG. 29 shows an example of the screen.

Specifically, in FIG. 29, the management computer 10 acquires DB1 of Instance1 and the backup time thereof (Aug. 12, 2009 11:12:20) as the restore-target data of the application name DB specified in FIG. 28. Subsequent to acquisition, the management computer 10 issues a backup control instruction (a restore instruction) to the active-state host computer 200 based on this information. In order to specify the active-state host computer from among a plurality of host computers, the management computer 10 references the active host ID of the management-side catalog information 14.

The host computer 200, upon receiving this backup control instruction, analyzes this control instruction and starts a restore process for this control instruction backup data (Step 5520).

Next, the host computer 200 performs quiescencing of the AP 211. To do so, for example, the host computer 200 uses a dedicated AP operation interface or a dedicated AP 211 control command (Step 5530).

Next, in order to perform a replication operation, the host computer 200 references the management-side site catalog information that holds the host ID of the active host computer, specifies the replication group ID of the generation specified on the restore input screen, specifies this replication group ID, and issues a storage control instruction (replication temporary-suspend instruction) to the storage subsystem 1000 in which this replication group is recorded (Step 5540). In so doing, the storage subsystem 1000 implements replication control in accordance with this instruction. Specifically, the storage subsystem 1000 overwrites the primary logical volume used by the application with the content of the secondary logical volume.

Next, the host computer 200 boots up the AP 211. When the AP 211 is running, the host computer 200 references the restored data, and continues the processing of the AP 211. Next, the host computer 200 returns a message to the management computer 10 as a response to the backup control instruction to the effect that the AP restore has been completed (Step 5550).

The management computer 10, upon receiving the response to the backup control instruction, determines from this response whether or not the restore was a success (Step 5560).

In a case where this response is that the restore was a success (Step 5560: YES), the management computer 10 notifies the user that the restore succeeded (Step 5570).

Alternatively, in a case where this response is that the restore failed (Step 5560: NO), the management computer 10 notifies the user that the restore failed (Step 5570). The user begins the restore process once again from Step 5500 to find data that is capable of being restored.

(1-6) Operations When Failure Occurs in Computer System Using Remote Cluster of First Embodiment

The operations at the time of a failure will differ for a local cluster and a remote cluster. The operations subsequent to the occurrence of a failure in the remote cluster will be explained here.

(1-6-1) Backup Process Following Failure in Active-State Host Computer

First, a backup process performed following a failure of the active-state host computer will be explained. Hereinafter, the host computer in which the above-mentioned failure occurred will be called the failed host. The host computer 200 executes this process on the basis of the cluster program 214.

FIG. 30 is the flow of processing by which the inactive-state host computer 200 takes over the backup process subsequent to the failure of the failed host 200 a.

In order to detect the failure of a host computer 200, the plurality of host computers 200 in the cluster system regularly check the operations of a failure monitoring targeted host computer that differs from its own computer (Step 5600). This is realized by the host computer 200 communicating simple information with another host computer 200 via the control line 55.

In a case where the active-state host computer 200 a fails at this point, the inactive-state host computer 200 that detected this failure implements a failover process to take over the processing of this active-state host computer (the failed host) (Step 5600: NO). Specifically, this inactive-state host computer 200 b (hereinafter called the new active host) implements the following procedures.

First, the new active host 200 b carries out a replication operation to make it possible for the new active computer 200 b itself to use the logical volume Vol to be accessed. Specifically, the direction of the remote replication implemented between the storage subsystems 1000 must be changed, and the new active host 200 b issues a storage control instruction (a replication reverse instruction) to the secondary storage subsystem 1000 b (Step 5610). The secondary storage subsystem 1000 b temporarily suspends the remote replication that at the least the storage subsystem 1000 b itself is processing, and changes the logical volume that had been the secondary logical volume to the primary logical volume. In addition, to the extent possible, the secondary storage subsystem 1000 b implements processing for reversing the replication direction of this remote replication. The process for reversing the replication direction causes the secondary storage subsystem 1000 b to communicate with the primary storage subsystem 1000 a, and in a case where both replication processes are able to continue, makes both storage subsystems 1000 cooperate to reverse the replication direction. As a result of this, the status of the above-mentioned remote replication transitions to either the copying status in which the replication is implemented in reverse, or the abnormal status.

Next, the new active host 200 b changes the network address shown to the client computer to the address that the failed host 200 a had been using (Step 5620).

Next, the new active host 200 b boots up the AP 216 on its own new active host 200 b.

Next, the new active host 200 b boots up the backup program 213 on its own new active host 200 b. Upon booting up the backup program 213, the new active host 200 b references the management-side site catalog information 15L and the management-side backup information 18L arranged in the memory, and starts the backup process. Since the backup process of the new active host 200 b here takes over the backup process that was being implemented by the failed host 200 a, the backup execution instruction that the failed host 200 a registered in the scheduler is changed to become the backup execution instruction of the new active host 200 b.

(1-6-2) Post-Failover Restore Process

A post-failover restore process will be explained. The host computer 200 executes this process on the basis of the cluster program 214.

The restore process is for restoring data that has been backed up by the management computer 10. The management computer 10 and the host computer 200 execute this restore process on the basis of the management program 12 and the backup program 213, respectively.

The post-failover restore process is basically the same process as the normal-state restore process. However, processes 5540F and 5590F are added to make it possible to restore the backup data that the failed host 200 a had acquired prior to failing.

FIG. 31 is a post-failover restore process to which changes have been made compared to the normal-state restore process. The changes will be explained using FIGS. 32 and 33.

FIG. 32 is the flow of processing for determining whether or not data that the failed host 200 a backed up in the primary storage subsystem 1000 a prior to the failover will be used as the restore-target data, and corresponds to the processing of 5590F of FIG. 31.

First, the management computer 10 issues a storage control instruction (a replication status report) to the secondary storage subsystem 1000 b for acquiring the status of the remote replication established between the storage subsystems (Step 5591).

The secondary storage subsystem 1000 b that receives this control instruction analyzes the content of the instruction, references the storage-side replication pair management information 1210, reads the replication status information 12103 in this information, and returns this status information to the management computer 10 as a response to this control instruction (Step 5992).

Upon receiving this control instruction response, in a case where the remote replication is an abnormal status (Step 5593: NO), the management computer 10 determines that the failure is not only in the failed host 200 a, but that a failure has also occurred in the primary storage subsystem 1000 a. Specifically, the management computer 10 only references the management-side backup information 18 managed by the new active host 200 b in order to target for recovery only that backup acquired subsequent to the failover by the new active host 200 b without using the data backed up in this primary storage subsystem 1000 a as the restore target (Step 5595).

Alternatively, in a case where the remote replication is not the abnormal status (Step 5593: YES), the primary storage subsystem 1000 a is still operating after the failover, and the management computer 10 also targets for restore the management-side site catalog information (hereinafter, this management-side site catalog information will be called residual site catalog information to distinguish it from the management-side site catalog information managed by the new active host) on the failed host 200 a, which was acquired regularly from the failed host 200 a (Step 5594). For this reason, using the restore screen shown in FIG. 28, the restore candidate adds the amount of backup data that the failed host 200 a had acquired prior to failover. The processing of Step 5594 here is premised on the fact that the management computer 10 acquires the management-side site catalog information from the target host computer regularly instead of just around the time of the failure. Since unrestorable data may be recorded in this management-side site catalog information when this information is old, the interval for acquiring information to the physical server is made sufficiently shorter than the scheduled backup processing interval.

The processing of Step 5510F of FIG. 31 is the same as that of the normal restore process shown in FIG. 27 with the exception of an exceptional case. An exceptional case is a case in which the user is able to select the backup data of the failed host as the restore target, and in accordance with this, the management computer 10 issues a backup control instruction (a compound restore) to the new active host. A compound restore process is one that combines a remote replication with a local replication in order to obtain the restore-target data. For this reason, the information of the remote replication under establishment between the primary and secondary storage subsystems 1000 is also included in the compound restore instruction in addition to the restore-target data information.

FIG. 33 is the flow of replication control processing for the restore process in a case where it is possible to restore the data that the failed host 200 a acquired prior to the failover, and is the processing of Step 5540F of FIG. 31.

First, the new active host 200 b determines whether or not the restore target recorded in the backup control instruction received from the management computer 10 is the data of the host computer 200 a that failed (Step 5541).

In a case where this restore target is not the data of the failed host 200 a (Step 5541: NO), the replication operation shown in Step 5540 is carried out (Step 5543).

Alternatively, in a case where this restore target is the backup data of the failed host 200 a (Step 5541: YES), the new active host 200 b performs a replication operation to transfer the backup data, which is stored in the primary storage subsystem 1000 a coupled to the failed host 200 a, to the secondary storage subsystem 1000 b. Specifically, the new active host 200 b successively controls both the replication group in which the restore-target backup data included in the restore instruction of the backup control instruction is stored, and the remote replication group included in the backup control instruction. FIG. 34 is a schematic diagram related to the process for replicating the data created by the failed host 200 a subsequent to the occurrence of the failure.

In FIG. 34, the new active host 200 b reverses the replication (1) inside the storage subsystem 1000. Next, the new active host 200 reverses the remote replication (2). In accordance with these two procedures, for example, it is possible to set the restore target to a form that includes this data even after the failure has occurred in the host computer.

The new active host 200 b references the management-side site catalog information having the host ID of the failed host, specifies this replication group ID, and issues a storage control instruction (a replication temporary-suspend instruction) to the storage subsystem 1000 in which this replication group is recorded. In so doing, the storage subsystem 1000 implements replication control in accordance with this instruction. Specifically, the new active host 200 b overwrites the primary logical volume used by the failed host 200 with the contents of the secondary logical volume.
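The decision flows of FIG. 32 (Steps 5591 to 5595) and FIG. 33 (Steps 5541 to 5543) can be written as two small functions. This is an added example, not code from the patent: the host IDs, replication group IDs, operation names and the staleness rule (the residual catalog is used only if it was fetched less than one backup interval before the failover) are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

ABNORMAL = "abnormal"  # remote replication status names follow the text
COPYING = "copying"


@dataclass(frozen=True)
class CatalogEntry:
    """One backup generation in management-side site catalog information."""
    host_id: str               # physical host that acquired the backup
    replication_group_id: str  # local replication group holding the generation
    backup_time: datetime


def restore_candidates(remote_status, active_catalog, residual_catalog,
                       residual_fetched_at, failover_at, backup_interval):
    """FIG. 32: which backup generations may be offered on the restore screen."""
    candidates = list(active_catalog)          # Step 5595: new active host's backups
    if remote_status != ABNORMAL:              # Step 5593: YES -> Step 5594
        age = failover_at - residual_fetched_at
        # Assumed policy: an old residual catalog may list unrestorable data,
        # so it is trusted only when fetched within one backup interval.
        if timedelta(0) <= age < backup_interval:
            candidates.extend(residual_catalog)
    return sorted(candidates, key=lambda e: e.backup_time, reverse=True)


def plan_restore(target, failed_host_id, remote_group_id):
    """FIG. 33: ordered replication operations for one restore target."""
    if target.host_id != failed_host_id:       # Step 5541: NO -> Step 5543
        return [("restore_local", target.replication_group_id)]
    if remote_group_id is None:
        raise ValueError("compound restore needs the remote replication group")
    # Step 5541: YES -> compound restore, in the order shown in FIG. 34:
    # (1) reverse the local replication, (2) reverse the remote replication.
    return [("reverse_local", target.replication_group_id),
            ("reverse_remote", remote_group_id)]


# Constructed sample data (hypothetical IDs).
FAILOVER_AT = datetime(2009, 8, 12, 12, 0, 0)
INTERVAL = timedelta(hours=1)
RESIDUAL = [CatalogEntry("H1", "RG-A1", datetime(2009, 8, 12, 11, 12, 20)),
            CatalogEntry("H1", "RG-A2", datetime(2009, 8, 12, 10, 12, 20))]
ACTIVE = [CatalogEntry("H2", "RG-B1", datetime(2009, 8, 12, 13, 0, 0))]


def demo():
    fresh = datetime(2009, 8, 12, 11, 50, 0)
    offered = restore_candidates(COPYING, ACTIVE, RESIDUAL,
                                 fresh, FAILOVER_AT, INTERVAL)
    return offered, [plan_restore(e, "H1", "RRG-1") for e in offered]


if __name__ == "__main__":
    for entry, plan in zip(*demo()):
        print(entry.replication_group_id, entry.backup_time, plan)
```
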

(1-7) Operations When Failure Occurs in Computer System Using Local Cluster of First Embodiment

The operations at the time of a failure will differ for a local cluster and a remote cluster. The operations subsequent to a failure in the local cluster will be explained here.

(1-7-1) Backup Process Subsequent to Host Computer Failure

First, the local cluster does not require remote replication control since a plurality of storage subsystems 1000 do not exist. Therefore, the local cluster backup process differs greatly from the backup process in the remote cluster system in that Step 5610 of FIG. 30 does not exist.

Further, since the host computers 200 use the same storage subsystem 1000 and logical volume Vol, the management-side site catalog information and the management-side catalog information required in a backup are shared by the host computers 200. For this reason, similar to the data on the storage subsystem 1000 that is shared by the host computers 200, this backup information is arranged on the storage subsystem the same as the data. For this reason, even in a case where a failure occurs in the host computer 200 a and failover is carried out to another host computer 200 b, the new active host 200 simply reads the backup information from the storage subsystem without changing the failed host 200 a backup content in the backup information, and without a change occurring on the screen that the user is using.

(1-7-2) Restore Process Subsequent to Host Computer Failure

The restore process in the local cluster system differs from that of the remote cluster system in that there is no process for controlling a remote replication. The restore process of the local cluster system differs from that of the remote cluster system in that, as long as the storage subsystem has not malfunctioned, it is possible to use as the restore-target data the same backup data as the data that has been backed up by the failed computer 200.

(1-8) Storage Subsystem Replication Process

The replication process in the storage subsystem is classified into two time periods. These are an initial copy and a regular copy. The initial copy is the replication start process, and is processing for replicating the content of the replication-source logical volume Vol in the replication destination. The regular copy is the replication process subsequent to the end of the initial copy.

(1-8-1) Initial Copy Process by Storage Subsystem

Next, a remote replication start process by the storage subsystem 1000 will be explained.

FIG. 35 is a diagram showing a flowchart of a process for starting a replication (hereinafter, will be called the initial copy process) to be executed by the primary and secondary storage subsystems 1000 in the first embodiment.

(Step 8010) The primary storage subsystem 1000 a receives a storage control instruction (replication establishment instruction), and creates storage-side replication pair management information 1210 on the basis of information extracted from this instruction. Specifically, the primary storage subsystem 1000 a stores the ID of the primary logical volume specified in the replication establishment instruction in the logical volume ID 12101 of the storage-side replication pair management information 1210 as the copy-source primary logical volume. Next, the primary storage subsystem 1000 a stores initial copying in the replication status information 12102 of the storage-side replication pair management information 1210. In addition, the primary storage subsystem 1000 a stores the ID of the replication pair included in this request in the replication pair ID 12100, stores the copy group ID included in this request in the replication group ID 12107, and stores the copy type included in this request in the replication type 12106 of the storage-side replication pair management information 1210.

(Step 8020) The storage subsystem 1000 a creates an inter-storage replication pair start request comprising information corresponding to the information included in the replication establishment instruction to the storage subsystem 1000 b that is the remote replication start partner.

The information included in the inter-storage replication pair start request is shown below.

(1) ID of primary storage subsystem of start-target replication pair and ID of primary logical volume.

(2) ID of secondary storage subsystem of start-target replication pair and ID of secondary logical volume.

(3) Copy type of start-target replication pair.

(4) ID of start-target replication pair.

(5) ID of copy group in which the start-target replication pair are included.

(Step 8040) The secondary storage subsystem 1000 b that receives this request carries out 8010 as the processing corresponding to this request to either create or update the storage-side replication management information 1210 b.

(Step 8050) Next, the primary storage subsystem 1000 a starts the initial copy for copying the data stored in the primary logical volume to the secondary logical volume of the secondary storage subsystem.

Furthermore, the primary storage subsystem 1000 a, which is in the process of initial copying, reads the data from the primary logical volume identified by the logical volume ID 12102 of the storage-side replication pair management information 1210A, creates an initial copy request comprising the read-source primary logical volume ID (or the corresponding secondary logical volume ID), the primary logical volume address (or the corresponding secondary logical volume address), and the read data, and sends this request to the secondary storage subsystem 1000 b.

The secondary storage subsystem 1000 b, which receives this initial copy request, writes the read data from the primary logical volume to the secondary logical volume and the secondary logical volume address specified in this request.

(1-8-2) Regular Copy Process by Storage Subsystem

When the initial copy process has ended, the primary and secondary storage subsystems 1000 start the operation of a continuation process of the remote copy (hereinafter, called the regular copy). In other words, the primary and secondary storage subsystems 1000 start a regular copy operation after the data of the primary logical volume and the data of the secondary logical volume are identical.

Specifically, the primary storage subsystem 1000 a, upon receiving a write request after the initial copy process has ended, executes the regular copy process. For example, the primary storage subsystem 1000 a, upon writing data to the primary logical volume, also writes this write-data to the secondary logical volume.

FIG. 36 is a flowchart showing an example of the regular copy process executed by the storage subsystems 1000 in the first embodiment of the present invention. Furthermore, a regular copy may also be realized by processing other than FIG. 36.

The primary storage subsystem 1000 a receives an I/O from the host computer 200. This I/O is a write request. Next, the primary storage subsystem 1000 a extracts the write-requested data (write data) from the I/O request. Next, the primary storage subsystem 1000 a extracts the storage ID and the volume ID from the I/O request.

Next, the primary storage subsystem 1000 a writes the extracted write data to the logical volume Vol identified by the acquired logical volume ID.

(Step 8250) Next, the primary storage subsystem 1000 a creates the data transfer request shown in FIG. 37.

Specifically, the copy-source primary storage subsystem 1000 a selects replication pair management information 1210 in which the acquired logical volume ID and the logical volume ID 12101 of the replication pair management information 1210A are identical. Next, the replication-source primary storage subsystem 1000 a extracts the replication-target storage ID 12104 and the replication-target volume ID 12105 from the selected replication pair management information 1210A.

Next, the primary storage subsystem 1000 a stores the extracted replication-target volume ID 12105 in the logical volume ID of the data transfer request. Next, the primary storage subsystem 1000 a stores the address of the block in which the write data is stored in the block address of the data transfer request.

Next, the primary storage subsystem 1000 a stores the size of the write data in the write data length of the data transfer request. Next, the primary storage subsystem 1000 a stores either all or part of the write data in the transfer data of the data transfer request.

Next, the primary storage subsystem 1000 a stores the order in which this transfer request was created in the regular copy in the data transfer request serial number 18405. Next, the primary storage subsystem 1000 a stores the extracted replication-target storage ID in the transfer-destination storage ID 18406 of the data transfer request 1840.

(Step 8260) Next, the primary storage subsystem 1000 a sends the created data transfer request 1840 to the secondary storage subsystem 1000 b.

(Step 8270) The secondary storage subsystem 1000 b receives the data transfer request 1840. In so doing, the secondary storage subsystem 1000 b writes the transfer data 23D of the data transfer request 1840 to the logical volume Vol identified by the logical volume ID 18401 of the data transfer request 1840.

Then, the storage subsystems 1000 end the processing of the regular copy corresponding to the one I/O request.
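The initial copy (Steps 8010 to 8050) and the regular copy (Steps 8250 to 8270) can be modelled in memory to show how the fields of the data transfer request 1840 are filled from the replication pair management information 1210. This is an added example, not code from the patent: the storage and volume IDs, the 4-byte block size, the "copying" status after the initial copy, and the secondary's checks on destination ID and write length are assumptions for illustration.

```python
from dataclasses import dataclass

BLOCK = 4  # constructed block size in bytes, kept tiny so the sample is readable


@dataclass
class PairInfo:
    """Storage-side replication pair management information 1210."""
    pair_id: str            # replication pair ID 12100
    volume_id: str          # logical volume ID 12101 (copy-source primary volume)
    target_storage_id: str  # replication-target storage ID 12104
    target_volume_id: str   # replication-target volume ID 12105
    copy_type: str          # replication type 12106
    group_id: str           # replication group ID 12107
    status: str = "initial copying"  # replication status information


@dataclass(frozen=True)
class DataTransferRequest:
    """Data transfer request 1840 (FIG. 37)."""
    volume_id: str          # logical volume ID 18401
    block_address: int
    write_length: int
    transfer_data: bytes
    serial: int             # serial number 18405
    dest_storage_id: str    # transfer-destination storage ID 18406


def _store(volume, block_address, data):
    start = block_address * BLOCK
    if block_address < 0 or start + len(data) > len(volume):
        raise ValueError("write falls outside the logical volume")
    volume[start:start + len(data)] = data


class SecondarySubsystem:
    def __init__(self, storage_id, volumes):
        self.storage_id = storage_id
        self.volumes = volumes   # volume ID -> bytearray
        self.serials = []        # serial numbers applied, in arrival order

    def initial_copy(self, volume_id, block_address, data):
        _store(self.volumes[volume_id], block_address, data)

    def receive(self, req):
        # Step 8270, preceded by two added sanity checks (assumptions).
        if req.dest_storage_id != self.storage_id:
            raise ValueError("request addressed to another storage subsystem")
        if req.write_length != len(req.transfer_data):
            raise ValueError("write data length does not match transfer data")
        _store(self.volumes[req.volume_id], req.block_address, req.transfer_data)
        self.serials.append(req.serial)


class PrimarySubsystem:
    def __init__(self, storage_id, volumes, secondary):
        self.storage_id = storage_id
        self.volumes = volumes
        self.secondary = secondary
        self.pairs = {}          # copy-source volume ID -> PairInfo
        self.next_serial = 1     # counts regular-copy requests only

    def establish(self, pair):
        """Steps 8010-8050: record the pair, then copy every block once."""
        self.pairs[pair.volume_id] = pair
        source = self.volumes[pair.volume_id]
        for addr in range(len(source) // BLOCK):
            chunk = bytes(source[addr * BLOCK:(addr + 1) * BLOCK])
            self.secondary.initial_copy(pair.target_volume_id, addr, chunk)
        pair.status = "copying"

    def write(self, volume_id, block_address, data):
        """FIG. 36: write locally, then build and send the transfer request."""
        _store(self.volumes[volume_id], block_address, data)
        pair = self.pairs.get(volume_id)
        if pair is None or pair.status != "copying":
            return None
        req = DataTransferRequest(pair.target_volume_id, block_address,
                                  len(data), bytes(data), self.next_serial,
                                  pair.target_storage_id)
        self.next_serial += 1
        self.secondary.receive(req)   # Steps 8260 and 8270
        return req


def demo():
    secondary = SecondarySubsystem("ST-B", {"SVOL1": bytearray(16)})
    primary = PrimarySubsystem(
        "ST-A", {"PVOL1": bytearray(b"AAAABBBBCCCCDDDD")}, secondary)
    primary.establish(PairInfo("P1", "PVOL1", "ST-B", "SVOL1", "remote", "G1"))
    primary.write("PVOL1", 1, b"bbbb")
    primary.write("PVOL1", 3, b"dd")
    return primary, secondary
```
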

The preceding explanation has explained a management system that manages a plurality of computers and a storage system, which provides a plurality of logical volumes and which is configured from one or more apparatuses, this management system comprising a port for coupling to the above-mentioned plurality of host computers, a memory for storing cluster information, a processor for detecting a failover that has occurred in the above-mentioned plurality of computers and for updating the above-mentioned cluster information, and an input/output device for receiving a backup setting request comprising a virtual host identifier for input use, an application instance identifier for input use, and a backup schedule input value.

Furthermore, it was explained that the above-mentioned processor:

(A) references the above-mentioned cluster information, thereby specifying an active-state host computer corresponding to the above-mentioned virtual host identifier for input use, and an inactive-state computer corresponding to the above-mentioned active-state host computer included in the above-mentioned plurality of host computers;

(B) specifies a first storage subsystem included in the above-mentioned storage system, and a first logical volume provided by the above-mentioned first storage subsystem, which are accessed by the above-mentioned active-state host computer, by executing an application program identified by the above-mentioned application instance identifier for input use;

(C) determines whether the above-mentioned inactive-state host computer is able to access the above-mentioned first storage subsystem and the above-mentioned first logical volume;

(D) in a case where the above-mentioned inactive-state host computer is not able to access the above-mentioned first logical volume, selects a second storage subsystem included in the above-mentioned storage system that is accessible from the above-mentioned inactive-state host computer, and sends to the above-mentioned first storage subsystem a replication establishment instruction for disaster recovery use that makes the above-mentioned first logical volume a copy source, and makes a second logical volume provided by the above-mentioned second storage subsystem a copy destination; and

(E) causes the above-mentioned active-state host computer to control a replication process for backup use, which, in accordance with the above-mentioned backup schedule input value, makes the above-mentioned first logical volume the copy source and makes one or more third logical volumes included in the above-mentioned first storage subsystem the copy destination(s) by sending to the above-mentioned active-state host computer via the above-mentioned port a backup schedule registration instruction comprising backup schedule instruction information created on the basis of the above-mentioned backup schedule input value.

Furthermore, it was explained that the above-mentioned processor:

(F) may acquire replication process information from the above-mentioned active-state host computer, thereby storing the creation time of backup data created in accordance with the above-mentioned backup schedule input value and the identifier(s) of the above-mentioned one or more third logical volumes that store the above-mentioned backup data in the above-mentioned memory as catalog information for management use; and

(G) may reference the above-mentioned catalog information for management use, thereby displaying on the above-mentioned input/output device one or more creation times of the backup data corresponding to the above-mentioned application program specified by the above-mentioned virtual host identifier for input use and the above-mentioned application instance identifier for input use.

Further, it was also explained that in a case where the above-mentioned inactive-state host computer becomes the next active-state host computer by taking over the processing of the above-mentioned application program from the above-mentioned active-state host computer in accordance with a failover, the above-mentioned processor:

(H) may acquire next information for the control of the backup replication process based on the above-mentioned backup schedule input value, which the above-mentioned next active-state host computer inherited from the above-mentioned active-state host computer;

(I) in accordance with this next information, may store in the above-mentioned memory as the above-mentioned catalog information the creation time of the next backup data created under the control of the active-state host computer and the identifier(s) of the one or more third logical volumes that store the above-mentioned backup data; and

(J) may reference the above-mentioned catalog information for management use, thereby displaying on the above-mentioned input/output device the creation time of the above-mentioned next backup data as the creation time of the backup data corresponding to the above-mentioned application program.

Further, it was explained that the above-mentioned input/output device may receive a restore instruction specifying a prescribed backup data inputted based on the above-mentioned virtual host identifier for input use and the application instance identifier for input use, and the display of the creation time of the above-mentioned backup data, and that the processor may specify one of the above-mentioned third logical volumes that store backup data specified by the above-mentioned restore instruction, and by sending the restore instruction specifying one of the above-mentioned specified third logical volumes to the above-mentioned active-state host computer, may cause the above-mentioned storage system to return the backup data stored in one of the above-mentioned third logical volumes to the above-mentioned first logical volume.

Further, it was also explained that in a case where the above-mentioned inactive-state host computer takes over the processing of the above-mentioned application program from the above-mentioned active-state host computer in accordance with a failover, thereby becoming the next active-state host computer, the above-mentioned processor:

(H) may acquire next information for the control of the backup replication process based on the above-mentioned backup schedule input value, which the above-mentioned next active-state host computer inherited from the above-mentioned active-state host computer;

(I) in accordance with this next information, may store the creation time of the next backup data created under the control of the active-state host computer and the identifier(s) of the one or more third logical volumes that store the above-mentioned backup data in the above-mentioned memory as the above-mentioned catalog information; and

(J) may reference the above-mentioned catalog information for management use, thereby displaying on the above-mentioned input/output device the creation time of the above-mentioned next backup data as the creation time of the backup data corresponding to the above-mentioned application program.

Further, it was also explained that in a case where the above-mentionedinactive-state host computer becomes the next active-state host computerby taking over the processing of the above-mentioned application programfrom the above-mentioned active-state host computer in accordance with afailover without being able to access the above-mentioned first storagesubsystem, the above-mentioned processor:

(K) may acquire next information for controlling the next backupreplication process, which, based on the above-mentioned backup scheduleinput value, makes the above-mentioned second logical volume the copysource and makes one or more fourth logical volumes provided by theabove-mentioned second storage subsystem the copy destination (s);

(L) in accordance with the above-mentioned next information, may storein the above-mentioned memory as the above-mentioned catalog informationthe creation time of the next backup data created under the control ofthe active-state host computer, and the identifier (s) of theabove-mentioned one or more third logical volumes that store theabove-mentioned backup data; and

(M) may reference the above-mentioned catalog information for management use, thereby displaying on the above-mentioned input/output device the creation time of the above-mentioned next backup data stored in the above-mentioned fourth logical volume as the creation time of the backup data corresponding to the above-mentioned application program, and may suppress the display of the creation time of the above-mentioned backup data stored in the above-mentioned third logical volume.
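The two failover cases above, (H)-(J) and (K)-(M), worked through as an added Python example that is not code from the patent. The class names, the `reach` map, the volume and host names and the timestamps are all hypothetical; as assumptions, the catalog records the volumes actually written, and the suppression in (M) is implemented as a filter on the subsystems the current active-state host can access.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Backup:
    app: str        # application instance identifier
    created: str    # creation time of the backup data
    volume: str     # logical volume that stores the backup data
    subsystem: str  # storage subsystem providing that volume

@dataclass
class Cluster:
    active: str
    inactive: str
    reach: dict     # host -> set of storage subsystems it can access
    catalog: list = field(default_factory=list)

    def failover(self):
        # The inactive-state host becomes the next active-state host.
        self.active, self.inactive = self.inactive, self.active

    def next_plan(self, first, second):
        # (H): keep using the first subsystem when the active host reaches it.
        # (K): otherwise the DR copy becomes the source, fourth volumes the targets.
        return first if first["subsystem"] in self.reach[self.active] else second

    def record(self, app, created, plan):
        # (I)/(L): one catalog entry per copy-destination volume.
        for vol in plan["dest"]:
            self.catalog.append(Backup(app, created, vol, plan["subsystem"]))

    def visible_times(self, app):
        # (J)/(M): hide backups on subsystems the active host cannot access.
        ok = self.reach[self.active]
        return sorted({b.created for b in self.catalog
                       if b.app == app and b.subsystem in ok})

# Constructed sample data (all names and times are hypothetical).
FIRST = {"subsystem": "SS1", "source": "VOL1", "dest": ["VOL3a", "VOL3b"]}
SECOND = {"subsystem": "SS2", "source": "VOL2", "dest": ["VOL4a"]}
LOCAL = {"host-a": {"SS1"}, "host-b": {"SS1"}}    # shared storage
REMOTE = {"host-a": {"SS1"}, "host-b": {"SS2"}}   # DR replica only

def run(reach):
    c = Cluster("host-a", "host-b", reach)
    c.record("app1", "2024-01-01T01:00", c.next_plan(FIRST, SECOND))
    c.failover()
    plan = c.next_plan(FIRST, SECOND)
    c.record("app1", "2024-01-02T01:00", plan)
    return plan["source"], c.visible_times("app1")
```

`run(LOCAL)` keeps both creation times visible after the failover, while `run(REMOTE)` switches the copy source to the DR volume and shows only the backup taken on the second subsystem.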

1. A management method of managing a storage system, the storage system providing a plurality of logical volumes and being configured from one or more apparatuses, the storage system providing a plurality of host computers which are coupled to a port, the method comprising: storing cluster information in a memory; detecting, via a processor, a failover that has occurred in the plurality of host computers and updating the cluster information; receiving, via an input/output device, a backup setting request including a virtual host identifier for input use, an application instance identifier for input use, and a backup schedule input value;

(A) specifying, via the processor, by referencing the cluster information, an active-state host computer corresponding to the virtual host identifier for input use, and an inactive-state host computer corresponding to the active-state host computer included in the plurality of host computers;

(B) specifying, via the processor, a first storage subsystem included in the storage system, and a first logical volume provided by the first storage subsystem, which the active-state host computer accesses by executing an application program identified by the application instance identifier for input use;

(C) determining, via the processor, whether the inactive-state host computer is able to access the first storage subsystem and the first logical volume;

(D) selecting, via the processor, in a case where the inactive-state host computer is not able to access the first logical volume, a second storage subsystem included in the storage system that is accessible from the inactive-state host computer, and sending to the first storage subsystem a replication establishment instruction for disaster recovery use, with the first logical volume being made a copy source, and a second logical volume provided by the second storage subsystem being made a copy destination; and

(E) by sending, via the processor, to the active-state host computer, via the port, a backup schedule registration instruction including backup schedule instruction information created on the basis of the backup schedule input value, causing the active-state host computer to control a replication process, for backup use, with the first logical volume in accordance with the backup schedule input value being made the copy source, and with one or more third logical volumes included in the first storage subsystem being made copy destinations.

2. A management method according to claim 1, further comprising:

(F) by acquiring, via the processor, replication process information from the active-state host computer, storing in the memory as catalog information for management use a creation time of backup data created in accordance with the backup schedule input value and the identifiers of the one or more third logical volumes that store the backup data; and

(G) by referencing, via the processor, the catalog information for management use, displaying on the input/output device one or more creation times of the backup data corresponding to the application program specified by the virtual host identifier for input use and the application instance identifier for input use.

3. A management method according to claim 2, further comprising: receiving, via the input/output device, a restore instruction specifying a prescribed backup data inputted based on the virtual host identifier for input use and the application instance identifier for input use, and displaying the backup data creation time; and specifying, via the processor, one of the third logical volumes that store backup data specified by the restore instruction, and by sending the restore instruction specifying one of the specified third logical volumes to the active-state host computer, causing the storage system to return the backup data stored in one of the third logical volumes to the first logical volume.

4. A management method according to claim 3, wherein, in a case where the inactive-state host computer becomes a next active-state host computer by taking over processing of the application program from the active-state host computer as the result of a failover:

(H) acquiring, via the processor, next information for controlling the replication process, which the next active-state host computer takes over from the active-state host computer;

(I) in accordance with this next information, storing, via the processor, in the memory, as the catalog information, a next backup data creation time created under the control of the active-state host computer, and the identifiers of the one or more third logical volumes that store the backup data; and

(J) by referencing, via the processor, the catalog information for management use, displaying on the input/output device the next backup data creation time as a creation time of the backup data corresponding to the application program.

5. A management method according to claim 3, wherein, in a case where the inactive-state host computer becomes a next active-state host computer by taking over the execution of the application program from the active-state host computer as the result of a failover without being able to access the first storage subsystem:

(K) acquiring, via the processor, the next information for controlling the next backup replication process, with the second logical volume based on the backup schedule input value being made the copy source while one or more fourth logical volumes provided by the second storage subsystem being made the copy destinations;

(L) in accordance with the next information, storing, via the processor, in the memory, as the catalog information, the next backup data creation time created under the control of the active-state host computer, and the identifiers of the one or more third logical volumes that store the backup data; and

(M) by referencing, via the processor, the catalog information for management use, displaying on the input/output device a creation time of the next backup data stored in the fourth logical volume as a creation time of the backup data corresponding to the application program, and suppressing the display of the creation time of the backup data stored in the third logical volume.

6. A computer readable storage medium storing a management program, which when executed, causes a management method to be performed, the management method for managing a storage system, the storage system providing a plurality of logical volumes and being configured from one or more apparatuses, the storage system providing a plurality of host computers which are coupled to a port, the method comprising: storing cluster information in a memory; detecting, via a processor, a failover that has occurred in the plurality of host computers and updating the cluster information; receiving, via an input/output device, a backup setting request including a virtual host identifier for input use, an application instance identifier for input use, and a backup schedule input value;

(A) specifying, via the processor, by referencing the cluster information, an active-state host computer corresponding to the virtual host identifier for input use, and an inactive-state host computer corresponding to the active-state host computer included in the plurality of host computers;

(B) specifying, via the processor, a first storage subsystem included in the storage system, and a first logical volume provided by the first storage subsystem, which the active-state host computer accesses by executing an application program identified by the application instance identifier for input use;

(C) determining, via the processor, whether the inactive-state host computer is able to access the first storage subsystem and the first logical volume;

(D) selecting, via the processor, in a case where the inactive-state host computer is not able to access the first logical volume, a second storage subsystem included in the storage system that is accessible from the inactive-state host computer, and sending to the first storage subsystem a replication establishment instruction for disaster recovery use, with the first logical volume being made a copy source, and a second logical volume provided by the second storage subsystem being made a copy destination; and

(E) by sending, via the processor, to the active-state host computer, via the port, a backup schedule registration instruction including backup schedule instruction information created on the basis of the backup schedule input value, causing the active-state host computer to control a replication process, for backup use, with the first logical volume in accordance with the backup schedule input value being made the copy source, and with one or more third logical volumes included in the first storage subsystem being made copy destinations.

7. A computer readable storage medium according to claim 6, the method further comprising:

(F) by acquiring, via the processor, replication process information from the active-state host computer, storing in the memory as catalog information for management use a creation time of backup data created in accordance with the backup schedule input value and the identifiers of the one or more third logical volumes that store the backup data; and

(G) by referencing, via the processor, the catalog information for management use, displaying on the input/output device one or more creation times of the backup data corresponding to the application program specified by the virtual host identifier for input use and the application instance identifier for input use.

8. A computer readable storage medium according to claim 7, the method further comprising: receiving, via the input/output device, a restore instruction specifying a prescribed backup data inputted based on the virtual host identifier for input use and the application instance identifier for input use, and displaying the backup data creation time; and specifying, via the processor, one of the third logical volumes that store backup data specified by the restore instruction, and by sending the restore instruction specifying one of the specified third logical volumes to the active-state host computer, causing the storage system to return the backup data stored in one of the third logical volumes to the first logical volume.

9. A computer readable storage medium according to claim 8, wherein, in a case where the inactive-state host computer becomes a next active-state host computer by taking over processing of the application program from the active-state host computer as the result of a failover:

(H) acquiring, via the processor, next information for controlling the replication process, which the next active-state host computer takes over from the active-state host computer;

(I) in accordance with this next information, storing, via the processor, in the memory, as the catalog information, a next backup data creation time created under the control of the active-state host computer, and the identifiers of the one or more third logical volumes that store the backup data; and

(J) by referencing, via the processor, the catalog information for management use, displaying on the input/output device the next backup data creation time as a creation time of the backup data corresponding to the application program.

10. A computer readable storage medium according to claim 8, wherein, in a case where the inactive-state host computer becomes a next active-state host computer by taking over the execution of the application program from the active-state host computer as the result of a failover without being able to access the first storage subsystem:

(K) acquiring, via the processor, the next information for controlling the next backup replication process, with the second logical volume based on the backup schedule input value being made the copy source while one or more fourth logical volumes provided by the second storage subsystem being made the copy destinations;

(L) in accordance with the next information, storing, via the processor, in the memory, as the catalog information, the next backup data creation time created under the control of the active-state host computer, and the identifiers of the one or more third logical volumes that store the backup data; and

(M) by referencing, via the processor, the catalog information for management use, displaying on the input/output device a creation time of the next backup data stored in the fourth logical volume as a creation time of the backup data corresponding to the application program, and suppressing the display of the creation time of the backup data stored in the third logical volume.